apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.
References
Link | Resource |
---|---|
http://martin.swende.se/blog/HTTPChunked.html | Exploit Third Party Advisory |
http://www.debian.org/security/2014/dsa-2991 | Third Party Advisory |
https://github.com/SpiderLabs/ModSecurity/commit/f8d441cd25172fdfe5b613442fedfc0da3cc333d | Patch Third Party Advisory |
Configurations
History
12 Feb 2021, 17:26
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://github.com/SpiderLabs/ModSecurity/commit/f8d441cd25172fdfe5b613442fedfc0da3cc333d - Patch, Third Party Advisory | |
References | (DEBIAN) http://www.debian.org/security/2014/dsa-2991 - Third Party Advisory | |
References | (MISC) http://martin.swende.se/blog/HTTPChunked.html - Exploit, Third Party Advisory | |
CPE | cpe:2.3:a:trustwave:modsecurity:2.1.1:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.5.10:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.6.1:rc1:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.0.2:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.5.1:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.6.4:rc1:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.0.4:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.5.2:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.6.3:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.7.4:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.6.1:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.5.12:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.6.7:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.6.3:rc1:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.5.0:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.1.0:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.5.4:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.1.5:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.5.13:dev1:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.1.3:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.6.0:rc1:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.6.2:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.1.4:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.5.8:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.1.2:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.6.5:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.0.0:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.5.3:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.6.2:rc1:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.6.4:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.5.5:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.5.9:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.7.3:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.6.0:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.0.3:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.5.6:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.5.7:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.6.8:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.0.1:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.1.6:*:*:*:*:*:*:* |
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* |
CWE | NVD-CWE-noinfo |
10 Feb 2021, 15:57
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:modsecurity:modsecurity:2.5.6:*:*:*:*:*:*:* cpe:2.3:a:modsecurity:modsecurity:2.6.8:*:*:*:*:*:*:* cpe:2.3:a:modsecurity:modsecurity:2.5.7:*:*:*:*:*:*:* cpe:2.3:a:modsecurity:modsecurity:2.6.5:*:*:*:*:*:*:* cpe:2.3:a:modsecurity:modsecurity:2.6.1:rc1:*:*:*:*:*:* cpe:2.3:a:modsecurity:modsecurity:2.5.5:*:*:*:*:*:*:* cpe:2.3:a:modsecurity:modsecurity:2.6.7:*:*:*:*:*:*:* cpe:2.3:a:modsecurity:modsecurity:2.5.4:*:*:*:*:*:*:* cpe:2.3:a:modsecurity:modsecurity:2.7.3:*:*:*:*:*:*:* cpe:2.3:a:modsecurity:modsecurity:2.0.2:*:*:*:*:*:*:* cpe:2.3:a:modsecurity:modsecurity:2.0.4:*:*:*:*:*:*:* cpe:2.3:a:modsecurity:modsecurity:2.0.3:*:*:*:*:*:*:* cpe:2.3:a:modsecurity:modsecurity:2.5.2:*:*:*:*:*:*:* cpe:2.3:a:modsecurity:modsecurity:2.6.4:*:*:*:*:*:*:* cpe:2.3:a:modsecurity:modsecurity:2.1.5:*:*:*:*:*:*:* cpe:2.3:a:modsecurity:modsecurity:2.1.3:*:*:*:*:*:*:* cpe:2.3:a:modsecurity:modsecurity:2.1.6:*:*:*:*:*:*:* cpe:2.3:a:modsecurity:modsecurity:2.5.3:*:*:*:*:*:*:* cpe:2.3:a:modsecurity:modsecurity:2.7.4:*:*:*:*:*:*:* cpe:2.3:a:modsecurity:modsecurity:2.6.3:*:*:*:*:*:*:* cpe:2.3:a:modsecurity:modsecurity:2.5.11:*:*:*:*:*:*:* cpe:2.3:a:modsecurity:modsecurity:2.1.0:*:*:*:*:*:*:* cpe:2.3:a:modsecurity:modsecurity:2.7.0:rc3:*:*:*:*:*:* cpe:2.3:a:modsecurity:modsecurity:2.5.10:*:*:*:*:*:*:* cpe:2.3:a:modsecurity:modsecurity:2.5.1:*:*:*:*:*:*:* cpe:2.3:a:modsecurity:modsecurity:2.6.2:*:*:*:*:*:*:* cpe:2.3:a:modsecurity:modsecurity:2.5.13:dev1:*:*:*:*:*:* cpe:2.3:a:modsecurity:modsecurity:2.7.2:*:*:*:*:*:*:* cpe:2.3:a:modsecurity:modsecurity:2.5.0:*:*:*:*:*:*:* cpe:2.3:a:modsecurity:modsecurity:2.6.1:*:*:*:*:*:*:* cpe:2.3:a:modsecurity:modsecurity:2.5.8:*:*:*:*:*:*:* cpe:2.3:a:modsecurity:modsecurity:2.6.2:rc1:*:*:*:*:*:* cpe:2.3:a:modsecurity:modsecurity:2.6.4:rc1:*:*:*:*:*:* cpe:2.3:a:modsecurity:modsecurity:2.0.0:*:*:*:*:*:*:* cpe:2.3:a:modsecurity:modsecurity:2.1.1:*:*:*:*:*:*:* cpe:2.3:a:modsecurity:modsecurity:2.1.4:*:*:*:*:*:*:* cpe:2.3:a:modsecurity:modsecurity:2.6.0:*:*:*:*:*:*:* cpe:2.3:a:modsecurity:modsecurity:2.1.2:*:*:*:*:*:*:* cpe:2.3:a:modsecurity:modsecurity:2.6.0:rc1:*:*:*:*:*:* cpe:2.3:a:modsecurity:modsecurity:2.5.9:*:*:*:*:*:*:* cpe:2.3:a:modsecurity:modsecurity:2.6.3:rc1:*:*:*:*:*:* cpe:2.3:a:modsecurity:modsecurity:2.7.1:*:*:*:*:*:*:* cpe:2.3:a:modsecurity:modsecurity:2.7.0:*:*:*:*:*:*:* cpe:2.3:a:modsecurity:modsecurity:2.5.12:*:*:*:*:*:*:* cpe:2.3:a:modsecurity:modsecurity:2.0.1:*:*:*:*:*:*:* |
cpe:2.3:a:trustwave:modsecurity:2.5.11:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.1.1:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.5.10:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.6.1:rc1:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.0.2:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.5.1:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.6.4:rc1:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.0.4:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.5.2:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.6.3:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.7.4:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.6.1:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:*:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.5.12:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.6.7:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.6.3:rc1:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.5.0:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.1.0:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.5.4:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.1.5:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.5.13:dev1:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.1.3:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.6.0:rc1:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.6.2:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.1.4:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.5.8:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.1.2:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.6.5:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.0.0:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.5.3:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.6.2:rc1:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.6.4:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.5.5:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.5.9:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.7.3:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.6.0:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.0.3:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.5.6:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.5.7:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.6.8:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.0.1:*:*:*:*:*:*:* cpe:2.3:a:trustwave:modsecurity:2.1.6:*:*:*:*:*:*:* |
Information
Published : 2014-04-15 10:55
Updated : 2023-12-10 11:31
NVD link : CVE-2013-5705
Mitre link : CVE-2013-5705
CVE.ORG link : CVE-2013-5705
JSON object : View
Products Affected
debian
- debian_linux
trustwave
- modsecurity
CWE