Description
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."
Remediation
References
Related Vulnerabilities
MediaWiki Session Fixation Vulnerability (CVE-2013-4572)
WordPress Plugin Tapfiliate Cross-Site Scripting (3.0.12)
Oracle JRE CVE-2012-3213 Vulnerability (CVE-2012-3213)
Moodle CVE-2019-14880 Vulnerability (CVE-2019-14880)
WordPress Plugin YAWPP (Yet Another WordPress Petition Plugin) SQL Injection (1.2)