CVE Vulnerabilities

CVE-2013-5704

Published: Apr 15, 2014 | Modified: Apr 14, 2022
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 5 MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2: 4.3 LOW | AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V3
Ubuntu

The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass RequestHeader unset directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states this is not a security issue in httpd as such.

Affected Software

Name | Vendor | Start Version | End Version
Http_server | Apache | 2.2.0 | 2.2.0
Http_server | Apache | 2.2.2 | 2.2.2
Http_server | Apache | 2.2.3 | 2.2.3
Http_server | Apache | 2.2.4 | 2.2.4
Http_server | Apache | 2.2.5 | 2.2.5
Http_server | Apache | 2.2.6 | 2.2.6
Http_server | Apache | 2.2.8 | 2.2.8
Http_server | Apache | 2.2.9 | 2.2.9
Http_server | Apache | 2.2.10 | 2.2.10
Http_server | Apache | 2.2.11 | 2.2.11
Http_server | Apache | 2.2.12 | 2.2.12
Http_server | Apache | 2.2.13 | 2.2.13
Http_server | Apache | 2.2.14 | 2.2.14
Http_server | Apache | 2.2.15 | 2.2.15
Http_server | Apache | 2.2.16 | 2.2.16
Http_server | Apache | 2.2.17 | 2.2.17
Http_server | Apache | 2.2.18 | 2.2.18
Http_server | Apache | 2.2.19 | 2.2.19
Http_server | Apache | 2.2.20 | 2.2.20
Http_server | Apache | 2.2.21 | 2.2.21
Http_server | Apache | 2.2.22 | 2.2.22
Http_server | Apache | 2.2.23 | 2.2.23
Http_server | Apache | 2.2.24 | 2.2.24
Http_server | Apache | 2.2.25 | 2.2.25
Http_server | Apache | 2.2.26 | 2.2.26
Http_server | Apache | 2.2.27 | 2.2.27
Http_server | Apache | 2.4.1 | 2.4.1
Http_server | Apache | 2.4.2 | 2.4.2
Http_server | Apache | 2.4.3 | 2.4.3
Http_server | Apache | 2.4.4 | 2.4.4
Http_server | Apache | 2.4.6 | 2.4.6
Http_server | Apache | 2.4.7 | 2.4.7
Http_server | Apache | 2.4.9 | 2.4.9
Http_server | Apache | 2.4.10 | 2.4.10
Red Hat Enterprise Linux 6 | RedHat | httpd-0:2.2.15-45.el6 | *
Red Hat Enterprise Linux 7 | RedHat | httpd-0:2.4.6-31.el7 | *
Red Hat JBoss Enterprise Web Server 2 for RHEL 5 | RedHat | httpd-0:2.2.26-41.ep6.el5 | *
Red Hat JBoss Enterprise Web Server 2 for RHEL 5 | RedHat | mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el5 | *
Red Hat JBoss Enterprise Web Server 2 for RHEL 6 | RedHat | httpd-0:2.2.26-41.ep6.el6 | *
Red Hat JBoss Enterprise Web Server 2 for RHEL 6 | RedHat | mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el6 | *
Red Hat JBoss Enterprise Web Server 2 for RHEL 7 | RedHat | httpd22-0:2.2.26-42.ep6.el7 | *
Red Hat JBoss Enterprise Web Server 2 for RHEL 7 | RedHat | mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el7 | *
Red Hat JBoss Web Server 2.1 | RedHat | httpd | *
Red Hat JBoss Web Server 3.0 | RedHat | | *
Red Hat JBoss Web Server 3 for RHEL 6 | RedHat | apache-commons-collections-eap6-0:3.2.1-18.redhat_7.1.ep6.el6 | *
Red Hat JBoss Web Server 3 for RHEL 6 | RedHat | httpd24-0:2.4.6-59.ep7.el6 | *
Red Hat JBoss Web Server 3 for RHEL 6 | RedHat | mod_bmx-0:0.9.5-7.GA.ep7.el6 | *
Red Hat JBoss Web Server 3 for RHEL 6 | RedHat | mod_cluster-native-0:1.3.1-6.Final_redhat_2.ep7.el6 | *
Red Hat JBoss Web Server 3 for RHEL 6 | RedHat | tomcat7-0:7.0.59-42_patch_01.ep7.el6 | *
Red Hat JBoss Web Server 3 for RHEL 6 | RedHat | tomcat8-0:8.0.18-52_patch_01.ep7.el6 | *
Red Hat JBoss Web Server 3 for RHEL 6 | RedHat | tomcat-vault-0:1.0.8-4.Final_redhat_4.1.ep7.el6 | *
Red Hat JBoss Web Server 3 for RHEL 7 | RedHat | apache-commons-collections-eap6-0:3.2.1-18.redhat_7.1.ep6.el7 | *
Red Hat JBoss Web Server 3 for RHEL 7 | RedHat | httpd24-0:2.4.6-59.ep7.el7 | *
Red Hat JBoss Web Server 3 for RHEL 7 | RedHat | mod_bmx-0:0.9.5-7.GA.ep7.el7 | *
Red Hat JBoss Web Server 3 for RHEL 7 | RedHat | mod_cluster-native-0:1.3.1-6.Final_redhat_2.ep7.el7 | *
Red Hat JBoss Web Server 3 for RHEL 7 | RedHat | tomcat7-0:7.0.59-42_patch_01.ep7.el7 | *
Red Hat JBoss Web Server 3 for RHEL 7 | RedHat | tomcat8-0:8.0.18-52_patch_01.ep7.el7 | *
Red Hat JBoss Web Server 3 for RHEL 7 | RedHat | tomcat-vault-0:1.0.8-4.Final_redhat_4.1.ep7.el7 | *
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 | RedHat | httpd24-httpd-0:2.4.6-22.el6 | *
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS | RedHat | httpd24-httpd-0:2.4.6-22.el6 | *
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS | RedHat | httpd24-httpd-0:2.4.6-22.el6 | *
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS | RedHat | httpd24-httpd-0:2.4.6-22.el6 | *
Red Hat Software Collections 1 for Red Hat Enterprise Linux 7 | RedHat | httpd24-httpd-0:2.4.6-25.el7 | *
Apache2 | Ubuntu | lucid | *
Apache2 | Ubuntu | precise | *
Apache2 | Ubuntu | quantal | *
Apache2 | Ubuntu | saucy | *
Apache2 | Ubuntu | trusty | *
Apache2 | Ubuntu | trusty/esm | *
Apache2 | Ubuntu | upstream | *
Apache2 | Ubuntu | utopic | *

References