
CVE-2013-5704

Published: 15/04/2014 Updated: 14/04/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 447
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

The mod_headers module in the Apache HTTP Server 2.2.22 allows remote malicious users to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."

Vulnerable Products

apache http server 2.2.0
apache http server 2.2.2
apache http server 2.2.3
apache http server 2.2.4
apache http server 2.2.5
apache http server 2.2.6
apache http server 2.2.8
apache http server 2.2.9
apache http server 2.2.10
apache http server 2.2.11
apache http server 2.2.12
apache http server 2.2.13
apache http server 2.2.14
apache http server 2.2.15
apache http server 2.2.16
apache http server 2.2.17
apache http server 2.2.18
apache http server 2.2.19
apache http server 2.2.20
apache http server 2.2.21
apache http server 2.2.22
apache http server 2.2.23
apache http server 2.2.24
apache http server 2.2.25
apache http server 2.2.26
apache http server 2.2.27
apache http server 2.4.1
apache http server 2.4.2
apache http server 2.4.3
apache http server 2.4.4
apache http server 2.4.6
apache http server 2.4.7
apache http server 2.4.9
apache http server 2.4.10
redhat enterprise linux desktop 6.0
redhat enterprise linux desktop 7.0
redhat enterprise linux eus 7.3
redhat enterprise linux eus 7.4
redhat enterprise linux eus 7.5
redhat enterprise linux eus 7.6
redhat enterprise linux eus 7.7
redhat enterprise linux server 6.0
redhat enterprise linux server 7.0
redhat enterprise linux server aus 7.3
redhat enterprise linux server aus 7.4
redhat enterprise linux server aus 7.6
redhat enterprise linux server aus 7.7
redhat enterprise linux server tus 7.3
redhat enterprise linux server tus 7.6
redhat enterprise linux server tus 7.7
redhat enterprise linux workstation 6.0
redhat enterprise linux workstation 7.0
redhat jboss enterprise web server 3.0.0
redhat jboss enterprise web server 2.0.0
oracle enterprise manager ops center
oracle enterprise manager ops center 12.1.4
oracle enterprise manager ops center 12.2.0
oracle enterprise manager ops center 12.2.1
oracle enterprise manager ops center 12.3.0
oracle http server 10.1.3.5.0
oracle http server 11.1.1.7.0
oracle http server 12.1.2.0
oracle http server 12.1.3.0
oracle linux 6
oracle solaris 11.2
apple mac os x
apple mac os x server
canonical ubuntu linux 10.04
canonical ubuntu linux 12.04
canonical ubuntu linux 14.04
canonical ubuntu linux 14.10

Vendor Advisories

Synopsis: Moderate: Red Hat JBoss Web Server 3.0.2 security update. Type/Severity: Security Advisory: Moderate. Topic: Updated Red Hat JBoss Web Server 3.0.2 packages are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerabi ...

Synopsis: Moderate: Red Hat JBoss Web Server 3.0.2 security update. Type/Severity: Security Advisory: Moderate. Topic: Updated Red Hat JBoss Web Server 3.0.2 packages are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerabi ...

A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header restrictions defined with mod_headers ...

The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such" ...

Several security issues were fixed in the Apache HTTP Server ...

mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging mu ...

Oracle Critical Patch Update Advisory - January 2015. Description: A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisor ...

Oracle Solaris Third Party Bulletin - January 2015. Description: The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day wh ...

Oracle Linux Bulletin - January 2016. Description: The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are relea ...

Oracle Critical Patch Update Advisory - July 2015. Description: A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch U ...

Oracle Critical Patch Update Advisory - January 2016. Description: A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Pat ...

Github Repositories

DC 1: Vulnhub Walkthrough. Scanning: nmap 192.168.122.184; nmap -sV -A 192.168.122.184 (service version scan); nmap -sV -A --script vuln 192.168.122.184 (vulnerability scan). root@kali:~# nmap -sV -A 192.168.122.184 Starting Nmap 7.80SVN ( nmap.org ) at 2021-05-27 02:58 EDT Stats: 0:00:17 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan NSE Timing: About 973

internetdb: Fast IP Lookups for Open Ports and Vulnerabilities. Description: Shodan (shodan.io) scans the internet for hosts and services and maintains a few APIs into that data. One API is the InternetDB (internetdb.shodan.io), which allows for free querying of open ports and vulnerabilities. Tools are provided to query this service. What's Inside The Tin: The f

Homework for the lesson "Vulnerabilities and attacks on information systems" - Никулин Михаил Сергеевич. Task 1: ┌──(kali㉿kali)-[~] └─$ nmap -A --script vulners.nse 192.168.0.169 Starting Nmap 7.93 ( nmap.org ) at 2023-04-10 13:43 EDT Nmap scan report for 192

Homework for the lesson "13.1 «Vulnerabilities and attacks on information systems»" - Живарев Игорь. Task 1: Permitted network services: Vulnerabilities found during aggressive scanning: Detect

Homework for lesson 13.1 «Vulnerabilities and attacks on information systems» - Александр Гумлевой. Task 1: Download and install the Metasploitable virtual machine: sourceforge.net/projects/metasploitable/ This is a typical

whitehat: nmap -sV --script vuln 192.168.123.162 output: Starting Nmap 7.93 ( nmap.org ) at 2022-12-25 15:11 EST Pre-scan script results: | broadcast-avahi-dos: | Discovered hosts: | 224.0.0.251 | After NULL UDP avahi packet DoS (CVE-2011-1002) |_ Hosts are all up (not vulnerable) Nmap scan report for 192.168.123.162 Host is up (0.00025s latency) Not shown: 97

References

NVD-CWE-noinfo
http://martin.swende.se/blog/HTTPChunked.html
http://marc.info/?l=apache-httpd-dev&m=139636309822854&w=2
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=1610674&r2=1610814&diff_format=h
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.ubuntu.com/usn/USN-2523-1
http://rhn.redhat.com/errata/RHSA-2015-0325.html
https://support.apple.com/HT204659
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
http://www.securityfocus.com/bid/66550
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
https://support.apple.com/HT205219
http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://marc.info/?l=bugtraq&m=144493176821532&w=2
http://marc.info/?l=bugtraq&m=143403519711434&w=2
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://rhn.redhat.com/errata/RHSA-2016-0062.html
http://rhn.redhat.com/errata/RHSA-2016-0061.html
https://access.redhat.com/errata/RHSA-2015:2660
http://rhn.redhat.com/errata/RHSA-2015-2661.html
https://access.redhat.com/errata/RHSA-2015:2659
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246
https://security.gentoo.org/glsa/201504-03
http://rhn.redhat.com/errata/RHSA-2015-1249.html
https://httpd.apache.org/security/vulnerabilities_24.html
http://www.mandriva.com/security/advisories?name=MDVSA-2014:174
http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E
https://nvd.nist.gov
https://access.redhat.com/security/cve/cve-2013-5704
https://usn.ubuntu.com/2523-1/
https://www.securityfocus.com/bid/66550
http://tools.cisco.com/security/center/viewAlert.x?alertId=39946