Description
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."
Remediation
References
Related Vulnerabilities
WordPress Plugin Timetable and Event Schedule by MotoPress Cross-Site Request Forgery (2.4.1)
PHP Other Vulnerability (CVE-2007-4441)
WordPress Plugin Contact Form 7 Privilege Escalation (5.0.3)
WordPress Plugin Broken Link Checker Multiple Cross-Site Scripting Vulnerabilities (1.9.1)
WordPress Plugin 0mk Shortener Cross-Site Request Forgery (0.2)