Description
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."
Remediation
References
Related Vulnerabilities
WordPress Plugin Language Bar Flags Cross-Site Request Forgery (1.0.8)
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2402)
PostgreSQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-7486)
Oracle Database Server CVE-2012-0520 Vulnerability (CVE-2012-0520)