PT-2004-2669 · Modsecurity · Modsecurity

Evgeny Legerov · Published 2004-12-31 · Updated 2017-07-11 · CVE-2004-1765

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

ModSecurity (mod security) version 1.7.4

Description

The issue is an off-by-one buffer overflow that can be triggered when the SecFilterScanPost option is enabled. This allows remote attackers to execute arbitrary code by sending crafted POST requests.

Recommendations

For ModSecurity (mod security) version 1.7.4, consider disabling the SecFilterScanPost option as a temporary workaround until a patch is available.

Fix


Related Identifiers

CVE-2004-1765

Affected Products

Modsecurity