Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2013-5704
Last Modified: 18 Sep 2015 09:59:05
Published: 15 Apr 2014 06:55:11
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2013-5704

Summary

The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."

Vulnerable Systems

Application

  • Apache Http Server 2.2.22


References

MISC - http://martin.swende.se/blog/HTTPChunked.html

MLIST - [dev] 20140401 CVE-2013-5704, mod_headers and chunked trailer fields

CONFIRM - http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=1610674&r2=1610814&diff_format=h

CONFIRM - http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

UBUNTU - USN-2523-1

REDHAT - RHSA-2015:0325

CONFIRM - https://support.apple.com/HT204659

APPLE - APPLE-SA-2015-04-08-2

BUGTRAQ - 20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE

MISC - http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html

BID - 66550

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

CONFIRM - https://support.apple.com/HT205219

APPLE - APPLE-SA-2015-09-16-4

Related Patches

Apple 2015-004 Security Update for Mac OS X 10.8.5 (HT204659)

Apple 2015-004 Security Update for Mac OS X 10.9.5 (HT204659)

Apple Yosemite 10.10.3 Update (Combo) for Mac OS X (HT204659)

Apple Yosemite 10.10.3 Update for Mac OS X (HT204659)


Last Updated: 27 May 2016 10:55:49