Description
A flaw was found in the way httpd handled HTTP Trailer headers when processing
requests using chunked encoding. A malicious client could use Trailer headers to
set additional HTTP headers after header processing was performed by other
modules. This could, for example, lead to a bypass of header restrictions
defined with mod_headers. (CVE-2013-5704)
A NULL pointer dereference flaw was found in the way the mod_cache httpd module
handled Content-Type headers. A malicious HTTP server could cause the httpd
child process to crash when the Apache HTTP server was configured to proxy to a
server with caching enabled. (CVE-2014-3581)