Description
Two potential security issues have been fixed in Apache version 1.3.34:
- If a request contains both Transfer-Encoding and Content-Length headers, remove the Content-Length, mitigating some HTTP Request Splitting/Spoofing attacks.
- Added TraceEnable [on|off|extended] per-server directive to alter the behavior of the TRACE method.
Remediation
Upgrade Apache to the latest version.
References
Related Vulnerabilities
WordPress Plugin Automated Content for Real Estate Multiple Unspecified Vulnerabilities (5.4.2)
WordPress Plugin AdPlugg WordPress Ad Cross-Site Scripting (1.1.33)
Drupal Core 8.6.x Cross-Site Scripting (8.6.0 - 8.6.12)
WordPress Plugin WordPress Clean Up & Optimizer-Clean Up Optimizer SQL Injection (3.0.13)
WordPress Plugin Yasr-Yet Another Stars Rating Unspecified Vulnerability (1.7.0)