CVE Vulnerabilities

CVE-2013-5704

Published: Apr 15, 2014 | Modified: Nov 07, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
4.3 LOW
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V3
Ubuntu
LOW

The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass RequestHeader unset directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states this is not a security issue in httpd as such.

Affected Software

Name Vendor Start Version End Version
Http_server Apache 2.2.0 (including) 2.2.0 (including)
Http_server Apache 2.2.2 (including) 2.2.2 (including)
Http_server Apache 2.2.3 (including) 2.2.3 (including)
Http_server Apache 2.2.4 (including) 2.2.4 (including)
Http_server Apache 2.2.5 (including) 2.2.5 (including)
Http_server Apache 2.2.6 (including) 2.2.6 (including)
Http_server Apache 2.2.8 (including) 2.2.8 (including)
Http_server Apache 2.2.9 (including) 2.2.9 (including)
Http_server Apache 2.2.10 (including) 2.2.10 (including)
Http_server Apache 2.2.11 (including) 2.2.11 (including)
Http_server Apache 2.2.12 (including) 2.2.12 (including)
Http_server Apache 2.2.13 (including) 2.2.13 (including)
Http_server Apache 2.2.14 (including) 2.2.14 (including)
Http_server Apache 2.2.15 (including) 2.2.15 (including)
Http_server Apache 2.2.16 (including) 2.2.16 (including)
Http_server Apache 2.2.17 (including) 2.2.17 (including)
Http_server Apache 2.2.18 (including) 2.2.18 (including)
Http_server Apache 2.2.19 (including) 2.2.19 (including)
Http_server Apache 2.2.20 (including) 2.2.20 (including)
Http_server Apache 2.2.21 (including) 2.2.21 (including)
Http_server Apache 2.2.22 (including) 2.2.22 (including)
Http_server Apache 2.2.23 (including) 2.2.23 (including)
Http_server Apache 2.2.24 (including) 2.2.24 (including)
Http_server Apache 2.2.25 (including) 2.2.25 (including)
Http_server Apache 2.2.26 (including) 2.2.26 (including)
Http_server Apache 2.2.27 (including) 2.2.27 (including)
Http_server Apache 2.4.1 (including) 2.4.1 (including)
Http_server Apache 2.4.2 (including) 2.4.2 (including)
Http_server Apache 2.4.3 (including) 2.4.3 (including)
Http_server Apache 2.4.4 (including) 2.4.4 (including)
Http_server Apache 2.4.6 (including) 2.4.6 (including)
Http_server Apache 2.4.7 (including) 2.4.7 (including)
Http_server Apache 2.4.9 (including) 2.4.9 (including)
Http_server Apache 2.4.10 (including) 2.4.10 (including)
Red Hat Enterprise Linux 6 RedHat httpd-0:2.2.15-45.el6 *
Red Hat Enterprise Linux 7 RedHat httpd-0:2.4.6-31.el7 *
Red Hat JBoss Enterprise Web Server 2 for RHEL 5 RedHat httpd-0:2.2.26-41.ep6.el5 *
Red Hat JBoss Enterprise Web Server 2 for RHEL 5 RedHat mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el5 *
Red Hat JBoss Enterprise Web Server 2 for RHEL 6 RedHat httpd-0:2.2.26-41.ep6.el6 *
Red Hat JBoss Enterprise Web Server 2 for RHEL 6 RedHat mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el6 *
Red Hat JBoss Enterprise Web Server 2 for RHEL 7 RedHat httpd22-0:2.2.26-42.ep6.el7 *
Red Hat JBoss Enterprise Web Server 2 for RHEL 7 RedHat mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el7 *
Red Hat JBoss Web Server 2.1 RedHat httpd *
Red Hat JBoss Web Server 3.0 RedHat *
Red Hat JBoss Web Server 3 for RHEL 6 RedHat apache-commons-collections-eap6-0:3.2.1-18.redhat_7.1.ep6.el6 *
Red Hat JBoss Web Server 3 for RHEL 6 RedHat httpd24-0:2.4.6-59.ep7.el6 *
Red Hat JBoss Web Server 3 for RHEL 6 RedHat mod_bmx-0:0.9.5-7.GA.ep7.el6 *
Red Hat JBoss Web Server 3 for RHEL 6 RedHat mod_cluster-native-0:1.3.1-6.Final_redhat_2.ep7.el6 *
Red Hat JBoss Web Server 3 for RHEL 6 RedHat tomcat7-0:7.0.59-42_patch_01.ep7.el6 *
Red Hat JBoss Web Server 3 for RHEL 6 RedHat tomcat8-0:8.0.18-52_patch_01.ep7.el6 *
Red Hat JBoss Web Server 3 for RHEL 6 RedHat tomcat-vault-0:1.0.8-4.Final_redhat_4.1.ep7.el6 *
Red Hat JBoss Web Server 3 for RHEL 7 RedHat apache-commons-collections-eap6-0:3.2.1-18.redhat_7.1.ep6.el7 *
Red Hat JBoss Web Server 3 for RHEL 7 RedHat httpd24-0:2.4.6-59.ep7.el7 *
Red Hat JBoss Web Server 3 for RHEL 7 RedHat mod_bmx-0:0.9.5-7.GA.ep7.el7 *
Red Hat JBoss Web Server 3 for RHEL 7 RedHat mod_cluster-native-0:1.3.1-6.Final_redhat_2.ep7.el7 *
Red Hat JBoss Web Server 3 for RHEL 7 RedHat tomcat7-0:7.0.59-42_patch_01.ep7.el7 *
Red Hat JBoss Web Server 3 for RHEL 7 RedHat tomcat8-0:8.0.18-52_patch_01.ep7.el7 *
Red Hat JBoss Web Server 3 for RHEL 7 RedHat tomcat-vault-0:1.0.8-4.Final_redhat_4.1.ep7.el7 *
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 RedHat httpd24-httpd-0:2.4.6-22.el6 *
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS RedHat httpd24-httpd-0:2.4.6-22.el6 *
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS RedHat httpd24-httpd-0:2.4.6-22.el6 *
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS RedHat httpd24-httpd-0:2.4.6-22.el6 *
Red Hat Software Collections 1 for Red Hat Enterprise Linux 7 RedHat httpd24-httpd-0:2.4.6-25.el7 *
Apache2 Ubuntu lucid *
Apache2 Ubuntu precise *
Apache2 Ubuntu quantal *
Apache2 Ubuntu saucy *
Apache2 Ubuntu trusty *
Apache2 Ubuntu trusty/esm *
Apache2 Ubuntu upstream *
Apache2 Ubuntu utopic *

References