SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionThe mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass 'RequestHeader unset' directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states 'this is not a security issue in httpd as such.' (CVE-2013-5704)
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution K16863.