5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
6.3 Medium
AI Score
Confidence
Low
0.467 Medium
EPSS
Percentile
97.5%
Package : apache2
Version : 2.2.16-6+squeeze14
CVE ID : CVE-2013-5704 CVE-2014-3581
This update fixes two security issues with apache2.
CVE-2013-5704
Disable the possibility to replace HTTP headers with HTTP trailers
as this could be used to circumvent earlier header operations made by
other modules. This can be restored with a new MergeTrailers
directive.
CVE-2014-3581
Fix denial of service where Apache can segfault when mod_cache is used
and when the cached request contains an empty Content-Type header.
โ
Raphaรซl Hertzog โ Debian Developer
Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
Attachment:
signature.asc
Description: Digital signature