PT-2004-2669 · Modsecurity · Modsecurity

Evgeny Legerov

Publicado

2004-12-31

Atualizado

2017-07-11

CVE-2004-1765

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions ModSecurity (mod security) version 1.7.4

Description The issue is an off-by-one buffer overflow that can be triggered when the SecFilterScanPost option is enabled. This allows remote attackers to execute arbitrary code by sending crafted POST requests.

Recommendations For ModSecurity (mod security) version 1.7.4, consider disabling the SecFilterScanPost option as a temporary workaround until a patch is available.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2004-1765

Produtos afetados

Modsecurity

PT-2004-2669 · Modsecurity · Modsecurity

CVE-2004-1765

Identificadores relacionados

Produtos afetados

Referências · 8