Select your cookie preferences

We use cookies and similar tools to enhance your experience, provide our services, deliver relevant advertising, and make improvements. Approved third parties also use these tools to help us deliver advertising and provide certain site features.

CVE-2013-5704

Public on 2014-04-15
Modified on 2015-02-12
Description

A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header restrictions defined with mod_headers.

Severity
Low
See what this means
CVSS v3 Base Score
4.3
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 httpd 2014-09-17 21:48 ALAS-2014-414
Amazon Linux 1 httpd24 2015-02-12 10:57 ALAS-2015-483

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N
NVD CVSSv2 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N