Apache – CVE-2013-5704

Description

Cytrix has detected a flaw, also known as CVE-2013-5704, in the way httpd handles HTTP trailer headers when processing requests that use chunked encoding.
HTTP trailers can be used to replace HTTP headers during the processing of the request.

This could potentially “confuse” modules that examine or modify request headers.

Because of Improper Authentication in the “mod_headers” module of the Apache HTTP Server, remote attackers can bypass “RequestHeader unset” directives.
They do so by placing a header in the trailer portion of data sent with chunked transfer coding.

By abusing this further, attackers could bypass the header restrictions defined with mod_headers.

Severity/Score

CVSS Version 2.0 – 6.1 Medium

Recommendation

To prevent CVE-2013-5704, update Apache httpd to version 2.2.29, or to version 2.4.12 or higher.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5704

https://cwe.mitre.org/data/definitions/287.html
