Apache version older than 1.3.34

Description
  • This alert was generated using only banner information. It may be a false positive.

    Two potential security issues have been fixed in Apache version 1.3.34:
    • If a request contains both Transfer-Encoding and Content-Length headers, remove the Content-Length, mitigating some HTTP Request Splitting/Spoofing attacks.
    • Added TraceEnable [on|off|extended] per-server directive to alter the behavior of the TRACE method.
    Affected Apache versions (up to 1.3.33).
Remediation
  • Upgrade Apache to the latest version.
References