Severity

Theme

CVE-2013-5704

MEDIUM

New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."

References

http://martin.swende.se/blog/HTTPChunked.html

http://marc.info/?l=apache-httpd-dev&m=139636309822854&w=2

http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=1610674&r2=1610814&diff_format=h

http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

http://www.ubuntu.com/usn/USN-2523-1

http://rhn.redhat.com/errata/RHSA-2015-0325.html

https://support.apple.com/HT204659

http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html

http://www.securityfocus.com/bid/66550

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

https://support.apple.com/HT205219

http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html

http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

http://marc.info/?l=bugtraq&m=144493176821532&w=2

http://marc.info/?l=bugtraq&m=143403519711434&w=2

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

http://rhn.redhat.com/errata/RHSA-2016-0062.html

http://rhn.redhat.com/errata/RHSA-2016-0061.html

https://access.redhat.com/errata/RHSA-2015:2660

http://rhn.redhat.com/errata/RHSA-2015-2661.html

https://access.redhat.com/errata/RHSA-2015:2659

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246

https://security.gentoo.org/glsa/201504-03

http://rhn.redhat.com/errata/RHSA-2015-1249.html

https://httpd.apache.org/security/vulnerabilities_24.html

http://www.mandriva.com/security/advisories?name=MDVSA-2014:174

http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

Details

Source: MITRE

Published: 2014-04-15

Updated: 2021-06-06

Type: CWE-264

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

cpe:2.3:a:apache:http_server:2.2.22:*:*:*:*:*:*:*

Tenable Plugins

View all (38 total)

ID	Name	Product	Family	Severity
144289	IBM HTTP Server 8.5.0.0 <= 8.5.5.2 / 8.0.0.0 <= 8.0.0.9 / 7.0.0.0 <= 7.0.0.33 / 6.1.0.0. <= 6.1.0.47 / 6.0.2.0 <= 6.0.2.43 Multiple Vulnerabilities (509275)	Nessus	Web Servers	high
124922	EulerOS Virtualization 3.0.1.0 : httpd (EulerOS-SA-2019-1419)	Nessus	Huawei Local Security Checks	critical
700510	Mac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	critical
98907	Apache 2.4.x < 2.4.12 Multiple Vulnerabilities	Web Application Scanning	Component Vulnerability	high
91367	F5 Networks BIG-IP : Apache vulnerability (K16863)	Nessus	F5 Networks Local Security Checks	medium
88077	RHEL 5 / 6 / 7 : JBoss Web Server (RHSA-2016:0061)	Nessus	Red Hat Local Security Checks	medium
87458	RHEL 7 : JBoss Web Server (RHSA-2015:2660)	Nessus	Red Hat Local Security Checks	medium
87457	RHEL 6 : JBoss Web Server (RHSA-2015:2659)	Nessus	Red Hat Local Security Checks	medium
86066	Mac OS X : OS X Server < 5.0.3 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	critical
85196	Scientific Linux Security Update : httpd on SL6.x i386/x86_64 (20150722)	Nessus	Scientific Linux Local Security Checks	medium
85008	CentOS 6 : httpd (CESA-2015:1249)	Nessus	CentOS Local Security Checks	medium
84911	RHEL 6 : httpd (RHSA-2015:1249)	Nessus	Red Hat Local Security Checks	medium
83945	SUSE SLES12 Security Update : apache2 (SUSE-SU-2015:0974-1)	Nessus	SuSE Local Security Checks	medium
82916	Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : httpd (SSA:2015-111-03)	Nessus	Slackware Local Security Checks	medium
82733	GLSA-201504-03 : Apache: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
82700	Mac OS X Multiple Vulnerabilities (Security Update 2015-004) (FREAK)	Nessus	MacOS X Local Security Checks	critical
82699	Mac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities (FREAK)	Nessus	MacOS X Local Security Checks	critical
82657	SuSE 11.3 Security Update : apache2 (SAT Patch Number 10533)	Nessus	SuSE Local Security Checks	medium
82252	Scientific Linux Security Update : httpd on SL7.x x86_64 (20150305)	Nessus	Scientific Linux Local Security Checks	medium
82216	Debian DLA-71-1 : apache2 security update	Nessus	Debian Local Security Checks	medium
81888	CentOS 7 : httpd (CESA-2015:0325)	Nessus	CentOS Local Security Checks	medium
81837	Fedora 21 : httpd-2.4.10-15.fc21 (2014-17195)	Nessus	Fedora Local Security Checks	medium
81802	Oracle Linux 7 : httpd (ELSA-2015-0325)	Nessus	Oracle Linux Local Security Checks	medium
81755	Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : apache2 vulnerabilities (USN-2523-1)	Nessus	Ubuntu Local Security Checks	medium
81629	RHEL 7 : httpd (RHSA-2015:0325)	Nessus	Red Hat Local Security Checks	medium
81581	Fedora 20 : httpd-2.4.10-2.fc20 (2014-17153)	Nessus	Fedora Local Security Checks	medium
81401	IBM WebSphere Application Server 8.0 < Fix Pack 10 Multiple Vulnerabilities (POODLE)	Nessus	Web Servers	medium
81329	Amazon Linux AMI : httpd24 (ALAS-2015-483)	Nessus	Amazon Linux Local Security Checks	medium
81126	Apache 2.4.x < 2.4.12 Multiple Vulnerabilities	Nessus	Web Servers	medium
81116	FreeBSD : apache24 -- several vulnerabilities (5804b9d4-a959-11e4-9363-20cf30e32f6d)	Nessus	FreeBSD Local Security Checks	medium
81002	Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (January 2015 CPU)	Nessus	Web Servers	high
80398	IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5.4 Multiple Vulnerabilities (POODLE)	Nessus	Web Servers	medium
80300	openSUSE Security Update : apache2 (openSUSE-SU-2014:1726-1)	Nessus	SuSE Local Security Checks	medium
78604	IBM WebSphere Application Server 7.0 < Fix Pack 35 Multiple Vulnerabilities	Nessus	Web Servers	medium
78357	Amazon Linux AMI : httpd (ALAS-2014-414)	Nessus	Amazon Linux Local Security Checks	medium
77653	Mandriva Linux Security Advisory : apache (MDVSA-2014:174)	Nessus	Mandriva Local Security Checks	medium
77531	Apache 2.2.x < 2.2.28 Multiple Vulnerabilities	Nessus	Web Servers	high
76780	FreeBSD : apache22 -- several vulnerabilities (f927e06c-1109-11e4-b090-20cf30e32f6d)	Nessus	FreeBSD Local Security Checks	medium

CVE-2013-5704

MEDIUM

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

Vulnerable Software

Configuration 1

Tenable Plugins

high

critical

critical

high

medium

medium

medium

medium

critical

medium

medium

medium

medium

medium

medium

critical

critical

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

high

medium

medium

medium

medium

medium

high

medium