CVE-2013-5704

Public on 2014-04-15
Modified on 2015-02-12
Description
A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header restrictions defined with mod_headers.
Severity
Low severity
Low
CVSS v3 Base Score
4.3
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 httpd 2014-09-17 ALAS-2014-414 Fixed
Amazon Linux 1 httpd24 2015-02-12 ALAS-2015-483 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N
NVD CVSSv2 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N