Apache – CVE-2013-5704

Description

Kayran has detected a flaw in the way httpd handles HTTP trailer headers when processing requests that use chunked encoding, also known as CVE-2013-5704.
HTTP trailers can be used to replace HTTP headers during the processing of the request.

That could potentially “confuse” modules that examine or modify request headers.

The issue is classified as Improper Authentication: through the “mod_headers” module in the Apache HTTP Server, remote attackers can bypass “RequestHeader unset” directives.
They do that by placing a header in the trailer portion of data sent with chunked transfer coding.

Further abusing it, attackers could bypass the header restrictions defined with mod_headers.
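
As an added example (not Kayran's or the Apache project's code), the following Python check parses a raw chunked request and reports trailer fields whose names match headers the site strips with “RequestHeader unset”, which is the pattern to look for in captured traffic or proxy logs. The header name X-Internal-User, the host example.test and the sample request are constructed assumptions.

```python
# Added example: detect trailer fields that reuse a protected request-header name.
# Assumption: PROTECTED lists the names the site removes with "RequestHeader unset".
PROTECTED = {"x-internal-user"}  # hypothetical header name

# Constructed sample: chunked request whose trailer carries a protected header name.
SAMPLE = (b"POST /app HTTP/1.1\r\nHost: example.test\r\n"
          b"Transfer-Encoding: chunked\r\n\r\n"
          b"5\r\nhello\r\n0\r\nX-Internal-User: constructed\r\n\r\n")

def parse_fields(lines):
    """Turn raw 'Name: value' lines into (lowercased name, value) pairs."""
    fields = []
    for line in lines:
        name, sep, value = line.partition(b":")
        if sep and name.strip():
            fields.append((name.strip().decode("latin-1").lower(),
                           value.strip().decode("latin-1")))
    return fields

def split_request(raw):
    """Return (headers, trailers) for a raw HTTP/1.1 request."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete header section")
    headers = parse_fields(head.split(b"\r\n")[1:])  # skip the request line
    if not any(n == "transfer-encoding" and "chunked" in v.lower()
               for n, v in headers):
        return headers, []  # trailers exist only with chunked coding
    pos = 0
    while True:
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("truncated chunk-size line")
        size = int(body[pos:eol].split(b";")[0].strip(), 16)  # drop extensions
        pos = eol + 2
        if size == 0:
            break  # last-chunk reached; trailer section follows
        pos += size + 2  # skip chunk data and its CRLF
        if pos > len(body):
            raise ValueError("truncated chunk data")
    trailer_block = body[pos:].split(b"\r\n\r\n")[0]
    return headers, parse_fields(trailer_block.split(b"\r\n"))

def suspicious_trailers(raw, protected=PROTECTED):
    """Names of trailer fields that collide with protected header names."""
    _, trailers = split_request(raw)
    return sorted({name for name, _ in trailers if name in protected})

if __name__ == "__main__":
    print(suspicious_trailers(SAMPLE))
```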

Recommendation

To prevent CVE-2013-5704, update Apache httpd to either version 2.2.29, or to version 2.4.12 and higher.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5704

https://cwe.mitre.org/data/definitions/287.html
