Mandriva Linux Security Advisory 2014-174 - The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass RequestHeader unset directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states this is not a security issue in httpd as such. The updated packages have been upgraded to the latest 2.2.29 version which is not vulnerable to this issue.
fcee1df5464ebe1c1e6cd586ef4fa054f4e6a4553cd41003cf8e0cff62185e2c