Description
Two potential security issues have been fixed in Apache version 1.3.34:
- If a request contains both Transfer-Encoding and Content-Length headers, remove the Content-Length, mitigating some HTTP Request Splitting/Spoofing attacks.
- Added TraceEnable [on|off|extended] per-server directive to alter the behavior of the TRACE method.
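The rule in the first fix can be written as a header-normalization step. The sketch below is an added example, not Apache's code or part of the original advisory; the function name `normalize_request_head` and both sample requests are constructed for illustration.

```python
# Added example: drop Content-Length whenever Transfer-Encoding is present,
# so that only one body-framing header reaches the next parser.

def normalize_request_head(raw: bytes):
    """Return (normalized_request, removed_content_length_values)."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    request_line, header_lines = lines[0], lines[1:]

    # Header names are case-insensitive; whitespace around the name is
    # stripped so a malformed "Content-Length : 4" is still matched.
    has_te = any(
        l.partition(b":")[0].strip().lower() == b"transfer-encoding"
        for l in header_lines
    )

    kept, removed, dropping = [], [], False
    for line in header_lines:
        if line[:1] in (b" ", b"\t"):
            # A folded continuation line shares the fate of its header.
            if not dropping:
                kept.append(line)
            continue
        name, _, value = line.partition(b":")
        dropping = has_te and name.strip().lower() == b"content-length"
        if dropping:
            removed.append(value.strip().decode("ascii", "replace"))
        else:
            kept.append(line)

    return b"\r\n".join([request_line] + kept) + sep + rest, removed


# Constructed sample: both framing headers present (ambiguous body length).
AMBIGUOUS = (b"POST /form HTTP/1.1\r\nHost: example.test\r\n"
             b"content-LENGTH: 4\r\nTransfer-Encoding: chunked\r\n\r\n"
             b"5\r\nhello\r\n0\r\n\r\n")
# Constructed sample: Content-Length only, which must pass through unchanged.
PLAIN = (b"POST /form HTTP/1.1\r\nHost: example.test\r\n"
         b"Content-Length: 5\r\n\r\nhello")

if __name__ == "__main__":
    for sample in (AMBIGUOUS, PLAIN):
        out, removed = normalize_request_head(sample)
        print("removed:", removed)
        print(out.decode("ascii"))
```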
Remediation
Upgrade Apache to the latest version.