Description
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."
Remediation
References
Related Vulnerabilities
Joomla! Core 3.x.x Multiple Cross-Site Request Forgery Vulnerabilities (3.0.0 - 3.9.14)
WordPress Plugin WP TripAdvisor Review Slider Cross-Site Scripting (11.8)
Apache Traffic Server CVE-2014-3525 Vulnerability (CVE-2014-3525)
IBM RTC Cleartext Storage of Sensitive Information Vulnerability (CVE-2021-29786)
WordPress Plugin Responsive Logo Slideshow Cross-Site Scripting (1.0)