Описание
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 2.4.10-8ubuntu2 |
| esm-infra-legacy/trusty | released | 2.4.7-1ubuntu4.4 |
| lucid | released | 2.2.14-5ubuntu8.15 |
| precise | released | 2.2.22-1ubuntu1.8 |
| quantal | ignored | end of life |
| saucy | ignored | end of life |
| trusty | released | 2.4.7-1ubuntu4.4 |
| trusty/esm | released | 2.4.7-1ubuntu4.4 |
| upstream | released | 2.2.29,2.4.11 |
| utopic | released | 2.4.10-1ubuntu1.1 |
Показывать по
EPSS
5 Medium
CVSS2
Связанные уязвимости
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote ...
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."
ELSA-2015-1249: httpd security, bug fix, and enhancement update (LOW)
EPSS
5 Medium
CVSS2