CVE-2013-5704
apache2 - security update
EPSS 65.0%
Description
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."
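The following is an added example, not code from this advisory or from the Apache project. It parses a raw chunked request and reports trailer fields whose names match headers a site removes with "RequestHeader unset", which is the condition the description refers to. The header name x-example-internal, the UNSET_HEADERS set and the sample request are constructed assumptions.

```python
# Added example. Header names and the sample request are constructed.
UNSET_HEADERS = {"x-example-internal"}  # assumption: headers the site unsets

def _fields(lines):
    """Parse 'Name: value' lines into a dict with lower-cased names."""
    out = {}
    for line in lines:
        if not line:
            break  # empty line ends the field section
        name, _, value = line.partition(b":")
        out[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return out

def parse_trailers(raw: bytes) -> dict:
    """Return the trailer fields of a chunked request, {} if it is not chunked."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete header section")
    headers = _fields(head.split(b"\r\n")[1:])  # skip the request line
    codings = [c.strip().lower() for c in headers.get("transfer-encoding", "").split(",")]
    if "chunked" not in codings:
        return {}
    pos = 0
    while True:
        eol = body.index(b"\r\n", pos)  # ValueError on a truncated body
        size = int(body[pos:eol].split(b";")[0].strip(), 16)  # drop chunk extensions
        pos = eol + 2
        if size == 0:
            break  # last-chunk; trailer section starts here
        pos += size + 2  # skip chunk data and its CRLF
    return _fields(body[pos:].split(b"\r\n"))

def policy_conflicts(raw: bytes, unset=UNSET_HEADERS) -> list:
    """Trailer names that collide with headers the configuration unsets."""
    return sorted(set(parse_trailers(raw)) & set(unset))

# Constructed sample: one data chunk followed by a trailer field.
SAMPLE = (b"POST /app HTTP/1.1\r\nHost: example.test\r\n"
          b"Transfer-Encoding: chunked\r\n\r\n"
          b"4\r\ndata\r\n0\r\nX-Example-Internal: 1\r\n\r\n")

if __name__ == "__main__":
    print(policy_conflicts(SAMPLE))
```
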
How to fix CVE-2013-5704
To remediate CVE-2013-5704, upgrade the affected package to one of the fixed versions listed below.
- Debian/apache2—upgrade to 2.4.10-2 or later
- Debian/apache2—upgrade to 2.2.16-6+squeeze14 or later
Is CVE-2013-5704 being exploited?
Likely — EPSS is 65.0%, placing CVE-2013-5704 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (2)
- from 0, < 2.4.10-2
- from 0, < 2.2.16-6+squeeze14