Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2013-5705
Last Modified: 02 Dec 2014 10:00:13
Published: 15 Apr 2014 06:55:11
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2013-5705

Summary

apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.

Vulnerable Systems

Application

  • Modsecurity 2.0.0

  • Modsecurity 2.0.1

  • Modsecurity 2.0.2

  • Modsecurity 2.0.3

  • Modsecurity 2.0.4

  • Modsecurity 2.1.0

  • Modsecurity 2.1.1

  • Modsecurity 2.1.2

  • Modsecurity 2.1.3

  • Modsecurity 2.1.4

  • Modsecurity 2.1.5

  • Modsecurity 2.1.6

  • Modsecurity 2.5.0

  • Modsecurity 2.5.1

  • Modsecurity 2.5.10

  • Modsecurity 2.5.11

  • Modsecurity 2.5.12

  • Modsecurity 2.5.13

  • Modsecurity 2.5.2

  • Modsecurity 2.5.3

  • Modsecurity 2.5.4

  • Modsecurity 2.5.5

  • Modsecurity 2.5.6

  • Modsecurity 2.5.7

  • Modsecurity 2.5.8

  • Modsecurity 2.5.9

  • Modsecurity 2.6.0

  • Modsecurity 2.6.1

  • Modsecurity 2.6.2

  • Modsecurity 2.6.3

  • Modsecurity 2.6.4

  • Modsecurity 2.6.5

  • Modsecurity 2.6.7

  • Modsecurity 2.6.8

  • Modsecurity 2.7.0

  • Modsecurity 2.7.1

  • Modsecurity 2.7.2

  • Modsecurity 2.7.3

  • Modsecurity 2.7.4

  • Modsecurity 2.7.5


References

CONFIRM - https://github.com/SpiderLabs/ModSecurity/commit/f8d441cd25172fdfe5b613442fedfc0da3cc333d

MISC - http://martin.swende.se/blog/HTTPChunked.html

DEBIAN - DSA-2991


Last Updated: 27 May 2016 11:04:56