The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass RequestHeader unset directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states this is not a security issue in httpd as such.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Http_server | Apache | 2.2.0 (including) | 2.2.0 (including) |
Http_server | Apache | 2.2.2 (including) | 2.2.2 (including) |
Http_server | Apache | 2.2.3 (including) | 2.2.3 (including) |
Http_server | Apache | 2.2.4 (including) | 2.2.4 (including) |
Http_server | Apache | 2.2.5 (including) | 2.2.5 (including) |
Http_server | Apache | 2.2.6 (including) | 2.2.6 (including) |
Http_server | Apache | 2.2.8 (including) | 2.2.8 (including) |
Http_server | Apache | 2.2.9 (including) | 2.2.9 (including) |
Http_server | Apache | 2.2.10 (including) | 2.2.10 (including) |
Http_server | Apache | 2.2.11 (including) | 2.2.11 (including) |
Http_server | Apache | 2.2.12 (including) | 2.2.12 (including) |
Http_server | Apache | 2.2.13 (including) | 2.2.13 (including) |
Http_server | Apache | 2.2.14 (including) | 2.2.14 (including) |
Http_server | Apache | 2.2.15 (including) | 2.2.15 (including) |
Http_server | Apache | 2.2.16 (including) | 2.2.16 (including) |
Http_server | Apache | 2.2.17 (including) | 2.2.17 (including) |
Http_server | Apache | 2.2.18 (including) | 2.2.18 (including) |
Http_server | Apache | 2.2.19 (including) | 2.2.19 (including) |
Http_server | Apache | 2.2.20 (including) | 2.2.20 (including) |
Http_server | Apache | 2.2.21 (including) | 2.2.21 (including) |
Http_server | Apache | 2.2.22 (including) | 2.2.22 (including) |
Http_server | Apache | 2.2.23 (including) | 2.2.23 (including) |
Http_server | Apache | 2.2.24 (including) | 2.2.24 (including) |
Http_server | Apache | 2.2.25 (including) | 2.2.25 (including) |
Http_server | Apache | 2.2.26 (including) | 2.2.26 (including) |
Http_server | Apache | 2.2.27 (including) | 2.2.27 (including) |
Http_server | Apache | 2.4.1 (including) | 2.4.1 (including) |
Http_server | Apache | 2.4.2 (including) | 2.4.2 (including) |
Http_server | Apache | 2.4.3 (including) | 2.4.3 (including) |
Http_server | Apache | 2.4.4 (including) | 2.4.4 (including) |
Http_server | Apache | 2.4.6 (including) | 2.4.6 (including) |
Http_server | Apache | 2.4.7 (including) | 2.4.7 (including) |
Http_server | Apache | 2.4.9 (including) | 2.4.9 (including) |
Http_server | Apache | 2.4.10 (including) | 2.4.10 (including) |