5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.467 Medium
EPSS
Percentile
97.5%
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote
attackers to bypass โRequestHeader unsetโ directives by placing a header in
the trailer portion of data sent with chunked transfer coding. NOTE: the
vendor states โthis is not a security issue in httpd as such.โ
Author | Note |
---|---|
mdeslaur | check for r1610814, r1610686, r1610707 |
marc.info/?l=apache-httpd-dev&m=139636309822854&w=2
martin.swende.se/blog/HTTPChunked.html
svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES
launchpad.net/bugs/cve/CVE-2013-5704
nvd.nist.gov/vuln/detail/CVE-2013-5704
security-tracker.debian.org/tracker/CVE-2013-5704
ubuntu.com/security/notices/USN-2523-1
www.cve.org/CVERecord?id=CVE-2013-5704