Description
Two potential security issues have been fixed in Apache version 1.3.34:
- If a request contains both Transfer-Encoding and Content-Length headers, Apache now removes the Content-Length header, which mitigates some HTTP Request Splitting/Spoofing attacks.
- A per-server TraceEnable [on|off|extended] directive was added to alter the behavior of the TRACE method.
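The header rule in the first item can be sketched as follows. This is an added example, not Apache's own code; the function names and the sample requests are constructed for illustration.

```python
# Added illustration; names below are hypothetical, not Apache internals.

def normalize_framing(raw_head: bytes):
    """Parse a request head and apply the rule described above.

    Returns (request_line, headers, dropped): headers is a list of
    (name, value) pairs, dropped is True if Content-Length was removed.
    """
    lines = raw_head.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    request_line, headers = lines[0], []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        # Reject lines with no colon or with whitespace around the name,
        # since parsers disagree on how to read them.
        if not sep or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers.append((name, value.strip()))
    names = {n.lower() for n, _ in headers}
    conflict = "transfer-encoding" in names and "content-length" in names
    if conflict:
        # Transfer-Encoding decides the body framing; drop every Content-Length.
        headers = [(n, v) for n, v in headers if n.lower() != "content-length"]
    return request_line, headers, conflict


def serialize(request_line, headers):
    """Rebuild the head that would be processed or forwarded."""
    out = [request_line] + [f"{n}: {v}" for n, v in headers]
    return ("\r\n".join(out) + "\r\n\r\n").encode("latin-1")


# Constructed sample: both framing headers present, so two parsers could
# disagree about where the body ends.
AMBIGUOUS = (b"POST /form HTTP/1.1\r\nHost: example.test\r\n"
             b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n")
# Constructed sample: only Content-Length, which is left untouched.
PLAIN = b"POST /form HTTP/1.1\r\nHost: example.test\r\nContent-Length: 5\r\n\r\n"

if __name__ == "__main__":
    for sample in (AMBIGUOUS, PLAIN):
        rl, hdrs, dropped = normalize_framing(sample)
        print("dropped Content-Length:", dropped)
        print(serialize(rl, hdrs).decode("latin-1"))
```

The returned flag can also be logged, since a request carrying both headers is worth reviewing even after it has been normalized.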
Remediation
Upgrade Apache to the latest version.