The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
Configuration 7 (hide)
|
History
07 Nov 2023, 02:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
14 Apr 2022, 16:47
Type | Values Removed | Values Added |
---|---|---|
First Time |
Oracle http Server
Redhat enterprise Linux Desktop Redhat enterprise Linux Server Apple Oracle Redhat enterprise Linux Eus Redhat enterprise Linux Server Tus Redhat jboss Enterprise Web Server Canonical ubuntu Linux Redhat enterprise Linux Server Aus Oracle enterprise Manager Ops Center Oracle solaris Canonical Redhat enterprise Linux Workstation Redhat enterprise Linux Apple mac Os X Server Apple mac Os X Oracle linux Redhat |
|
References | (CONFIRM) http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=1610674&r2=1610814&diff_format=h - Patch, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (CONFIRM) http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2015:2660 - Third Party Advisory | |
References | (APPLE) http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/201504-03 - Third Party Advisory | |
References | (HP) http://marc.info/?l=bugtraq&m=143403519711434&w=2 - Issue Tracking, Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2015-0325.html - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2015-2661.html - Broken Link, Third Party Advisory | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2015-1249.html - Third Party Advisory | |
References | (UBUNTU) http://www.ubuntu.com/usn/USN-2523-1 - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (CONFIRM) https://support.apple.com/HT204659 - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2014:174 - Third Party Advisory | |
References | (CONFIRM) http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (APPLE) http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html - Mailing List, Third Party Advisory | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2016-0062.html - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (CONFIRM) http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html - Third Party Advisory | |
References | (CONFIRM) http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES - Release Notes, Vendor Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2015:2659 - Third Party Advisory | |
References | (CONFIRM) https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246 - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) http://marc.info/?l=apache-httpd-dev&m=139636309822854&w=2 - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (CONFIRM) https://httpd.apache.org/security/vulnerabilities_24.html - Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (HP) http://marc.info/?l=bugtraq&m=144493176821532&w=2 - Issue Tracking, Mailing List, Third Party Advisory | |
References | (CONFIRM) http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (CONFIRM) https://support.apple.com/HT205219 - Third Party Advisory | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2016-0061.html - Third Party Advisory | |
References | (BID) http://www.securityfocus.com/bid/66550 - Third Party Advisory, VDB Entry | |
References | (MLIST) https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (CONFIRM) http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c - Patch, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (CONFIRM) http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MISC) http://martin.swende.se/blog/HTTPChunked.html - Broken Link, Exploit, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
CWE | NVD-CWE-noinfo | |
CPE | cpe:2.3:a:apache:http_server:2.2.26:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* cpe:2.3:a:apache:http_server:2.2.20:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.5:*:*:*:*:*:*:* cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:http_server:12.1.2.0:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.25:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.19:*:*:*:*:*:*:* cpe:2.3:a:oracle:http_server:11.1.1.7.0:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.21:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:* cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.17:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.0:*:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.16:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.23:*:*:*:*:*:*:* cpe:2.3:a:oracle:http_server:10.1.3.5.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.0:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.27:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.1:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.24:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:*:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:*:*:*:*:*:*:* cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:* cpe:2.3:a:oracle:http_server:12.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.1.4:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:* |
06 Jun 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Mar 2021, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2014-04-15 10:55
Updated : 2023-12-10 11:31
NVD link : CVE-2013-5704
Mitre link : CVE-2013-5704
CVE.ORG link : CVE-2013-5704
JSON object : View
Products Affected
redhat
- jboss_enterprise_web_server
- enterprise_linux
- enterprise_linux_workstation
- enterprise_linux_server_tus
- enterprise_linux_server
- enterprise_linux_server_aus
- enterprise_linux_desktop
- enterprise_linux_eus
oracle
- solaris
- enterprise_manager_ops_center
- linux
- http_server
apple
- mac_os_x_server
- mac_os_x
canonical
- ubuntu_linux
apache
- http_server
CWE