Apache version older than 1.3.34

Apache version older than 1.3.34

Published on 2005-11-09. Updated on 2007-03-20.

Description:

Two potential security issues have been fixed in Apache version 1.3.34:

• If a request contains both Transfer-Encoding and Content-Length headers, remove the Content-Length, mitigating some HTTP Request Splitting/Spoofing attacks.
• Added TraceEnable [on|off|extended] per-server directive to alter the behavior of the TRACE method.

Affected Apache versions (up to 1.3.33).

Impact:
Multiple. Check references for details about every vulnerability.

Recommendation:
Upgrade Apache to the latest version.

Tags: Scripts

Alert Tags: configuration
ApplicableApplicationServer : All
ApplicableOS: All
ApplicableWebServer: Apache

References:

Apache HTTP Server 1.x announcement

Apache homepage

Go Back

• Product Information
• Download
• Product Tour
• Brochure (PDF)
• Pricing
• Testimonials
• Customer references
• Resell Acunetix
• Acunetix in the Press
• List of vulnerability checks

• Learn more
• SQL Injection
• Cross site scripting
• Web Security
• Directory Traversal
• Ajax Application Security
• Google Hacking