Apache version older than 1.3.34

Description
  • <div class="bb-coolbox"><span class="bb-dark">This alert was generated using only banner information. It may be a false positive. </span></div><br/>Two potential security issues have been fixed in Apache version 1.3.34:<br/><ul> <li>If a request contains both Transfer-Encoding and Content-Length headers, remove the Content-Length, mitigating some HTTP Request Splitting/Spoofing attacks.</li> <li>Added TraceEnable [on|off|extended] per-server directive to alter the behavior of the TRACE method.</li> </ul><span class="bb-navy">Affected Apache versions (up to 1.3.33).</span><br/>
Remediation
  • Upgrade Apache to the latest version.
References
Severity
Classification
Tags