CVE-2013-2765

Name of the Vulnerable Software and Affected Versions ModSecurity versions prior to 2.7.4

Description The issue allows remote attackers to cause a denial of service through a POST request with a large body and a crafted Content-Type header, resulting in a NULL pointer dereference, process crash, and disk consumption.

Recommendations For versions prior to 2.7.4, update to version 2.7.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the ModSecurity module to minimize the risk of exploitation. Avoid using the Content-Type header in POST requests to the affected module until the issue is resolved.