The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass RequestHeader unset directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states this is not a security issue in httpd as such.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Http_server | Apache | 2.2.0 | 2.2.0 |
Http_server | Apache | 2.2.2 | 2.2.2 |
Http_server | Apache | 2.2.3 | 2.2.3 |
Http_server | Apache | 2.2.4 | 2.2.4 |
Http_server | Apache | 2.2.5 | 2.2.5 |
Http_server | Apache | 2.2.6 | 2.2.6 |
Http_server | Apache | 2.2.8 | 2.2.8 |
Http_server | Apache | 2.2.9 | 2.2.9 |
Http_server | Apache | 2.2.10 | 2.2.10 |
Http_server | Apache | 2.2.11 | 2.2.11 |
Http_server | Apache | 2.2.12 | 2.2.12 |
Http_server | Apache | 2.2.13 | 2.2.13 |
Http_server | Apache | 2.2.14 | 2.2.14 |
Http_server | Apache | 2.2.15 | 2.2.15 |
Http_server | Apache | 2.2.16 | 2.2.16 |
Http_server | Apache | 2.2.17 | 2.2.17 |
Http_server | Apache | 2.2.18 | 2.2.18 |
Http_server | Apache | 2.2.19 | 2.2.19 |
Http_server | Apache | 2.2.20 | 2.2.20 |
Http_server | Apache | 2.2.21 | 2.2.21 |
Http_server | Apache | 2.2.22 | 2.2.22 |
Http_server | Apache | 2.2.23 | 2.2.23 |
Http_server | Apache | 2.2.24 | 2.2.24 |
Http_server | Apache | 2.2.25 | 2.2.25 |
Http_server | Apache | 2.2.26 | 2.2.26 |
Http_server | Apache | 2.2.27 | 2.2.27 |
Http_server | Apache | 2.4.1 | 2.4.1 |
Http_server | Apache | 2.4.2 | 2.4.2 |
Http_server | Apache | 2.4.3 | 2.4.3 |
Http_server | Apache | 2.4.4 | 2.4.4 |
Http_server | Apache | 2.4.6 | 2.4.6 |
Http_server | Apache | 2.4.7 | 2.4.7 |
Http_server | Apache | 2.4.9 | 2.4.9 |
Http_server | Apache | 2.4.10 | 2.4.10 |
Red Hat Enterprise Linux 6 | RedHat | httpd-0:2.2.15-45.el6 | * |
Red Hat Enterprise Linux 7 | RedHat | httpd-0:2.4.6-31.el7 | * |
Red Hat JBoss Enterprise Web Server 2 for RHEL 5 | RedHat | httpd-0:2.2.26-41.ep6.el5 | * |
Red Hat JBoss Enterprise Web Server 2 for RHEL 5 | RedHat | mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el5 | * |
Red Hat JBoss Enterprise Web Server 2 for RHEL 6 | RedHat | httpd-0:2.2.26-41.ep6.el6 | * |
Red Hat JBoss Enterprise Web Server 2 for RHEL 6 | RedHat | mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el6 | * |
Red Hat JBoss Enterprise Web Server 2 for RHEL 7 | RedHat | httpd22-0:2.2.26-42.ep6.el7 | * |
Red Hat JBoss Enterprise Web Server 2 for RHEL 7 | RedHat | mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el7 | * |
Red Hat JBoss Web Server 2.1 | RedHat | httpd | * |
Red Hat JBoss Web Server 3.0 | RedHat | * | |
Red Hat JBoss Web Server 3 for RHEL 6 | RedHat | apache-commons-collections-eap6-0:3.2.1-18.redhat_7.1.ep6.el6 | * |
Red Hat JBoss Web Server 3 for RHEL 6 | RedHat | httpd24-0:2.4.6-59.ep7.el6 | * |
Red Hat JBoss Web Server 3 for RHEL 6 | RedHat | mod_bmx-0:0.9.5-7.GA.ep7.el6 | * |
Red Hat JBoss Web Server 3 for RHEL 6 | RedHat | mod_cluster-native-0:1.3.1-6.Final_redhat_2.ep7.el6 | * |
Red Hat JBoss Web Server 3 for RHEL 6 | RedHat | tomcat7-0:7.0.59-42_patch_01.ep7.el6 | * |
Red Hat JBoss Web Server 3 for RHEL 6 | RedHat | tomcat8-0:8.0.18-52_patch_01.ep7.el6 | * |
Red Hat JBoss Web Server 3 for RHEL 6 | RedHat | tomcat-vault-0:1.0.8-4.Final_redhat_4.1.ep7.el6 | * |
Red Hat JBoss Web Server 3 for RHEL 7 | RedHat | apache-commons-collections-eap6-0:3.2.1-18.redhat_7.1.ep6.el7 | * |
Red Hat JBoss Web Server 3 for RHEL 7 | RedHat | httpd24-0:2.4.6-59.ep7.el7 | * |
Red Hat JBoss Web Server 3 for RHEL 7 | RedHat | mod_bmx-0:0.9.5-7.GA.ep7.el7 | * |
Red Hat JBoss Web Server 3 for RHEL 7 | RedHat | mod_cluster-native-0:1.3.1-6.Final_redhat_2.ep7.el7 | * |
Red Hat JBoss Web Server 3 for RHEL 7 | RedHat | tomcat7-0:7.0.59-42_patch_01.ep7.el7 | * |
Red Hat JBoss Web Server 3 for RHEL 7 | RedHat | tomcat8-0:8.0.18-52_patch_01.ep7.el7 | * |
Red Hat JBoss Web Server 3 for RHEL 7 | RedHat | tomcat-vault-0:1.0.8-4.Final_redhat_4.1.ep7.el7 | * |
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 | RedHat | httpd24-httpd-0:2.4.6-22.el6 | * |
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS | RedHat | httpd24-httpd-0:2.4.6-22.el6 | * |
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS | RedHat | httpd24-httpd-0:2.4.6-22.el6 | * |
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS | RedHat | httpd24-httpd-0:2.4.6-22.el6 | * |
Red Hat Software Collections 1 for Red Hat Enterprise Linux 7 | RedHat | httpd24-httpd-0:2.4.6-25.el7 | * |
Apache2 | Ubuntu | lucid | * |
Apache2 | Ubuntu | precise | * |
Apache2 | Ubuntu | quantal | * |
Apache2 | Ubuntu | saucy | * |
Apache2 | Ubuntu | trusty | * |
Apache2 | Ubuntu | trusty/esm | * |
Apache2 | Ubuntu | upstream | * |
Apache2 | Ubuntu | utopic | * |