CVE-2013-5704
Find out more about CVE-2013-5704 from the MITRE CVE dictionary and NIST NVD.
Statement
This issue affects the versions of the httpd package as shipped with Red Hat JBoss Enterprise Application Platform 6 and Red Hat JBoss Web Server 2. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Red Hat Certificate System does not use the mod_headers module, even when installed, and is thus not affected by this flaw.
Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
Red Hat JBoss Enterprise Application Platform 5 and Red Hat JBoss Web Server 1 are now in Phase 3, Extended Life Support, of their respective life cycles. This issue has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/
CVSS v2 metrics
| Metric | Value |
|---|---|
| Base Score | 4.3 |
| Base Metrics | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | Partial |
| Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 6 (httpd) | RHSA-2015:1249 | 2015-07-20 |
| Red Hat JBoss Web Server 3.0 for RHEL 7 | RHSA-2015:2660 | 2015-12-16 |
| Red Hat JBoss Web Server 3.0 for RHEL 6 | RHSA-2015:2659 | 2015-12-16 |
| Red Hat JBoss Web Server 2.1 | RHSA-2016:0062 | 2016-01-21 |
| Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server (httpd) | RHSA-2016:0061 | 2016-01-21 |
| Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server | RHSA-2016:0061 | 2016-01-21 |
| Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server (httpd) | RHSA-2016:0061 | 2016-01-21 |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 7 (httpd24-httpd) | RHSA-2014:1972 | 2014-12-09 |
| Red Hat JBoss Web Server 3.0 | RHSA-2015:2661 | 2015-12-16 |
| Red Hat Enterprise Linux 7 (httpd) | RHSA-2015:0325 | 2015-03-05 |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 (httpd24-httpd) | RHSA-2014:1972 | 2014-12-09 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat JBoss EWS 1 | httpd | Will not fix |
| Red Hat JBoss EAP 6 | httpd | Fix deferred |
| Red Hat JBoss EAP 5 | httpd | Will not fix |
| Red Hat Enterprise Linux 5 | httpd | Will not fix |
| Red Hat Directory Server 8 | httpd | Will not fix |
