CVE-2013-5704

medium

Apache

CVSS v3 Base Score

5.0

AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS Score

64.7%

Exploitation probability in 30 days

Top 2% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Confidentiality

None

Integrity

Availability

None

Published: April 15, 2014 (4413 days ago)

Last Modified: May 6, 2026

Vendor: Apache

Source: NVD

Description

The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."

CWE

NVD-CWE-noinfo

Affected Products

apache http serverredhat enterprise linux desktopredhat enterprise linux eusredhat enterprise linux serverredhat enterprise linux server ausredhat enterprise linux server tusredhat enterprise linux workstationredhat jboss enterprise web serveroracle enterprise manager ops centeroracle http server

References

🔗 lists.apple.com 🔗 lists.apple.com 🔗 marc.info 🔗 marc.info 🔗 marc.info

CVE-2013-5704

Vulnerability Report

Description

CWE

Affected Products

References