PT-2014-2947 · Trustwave+2 · Modsecurity+2

Brenosilva

Published

2014-04-15

Updated

2021-02-12

CVE-2013-5705

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions ModSecurity versions prior to 2.7.6

Description The issue allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.

Recommendations For versions prior to 2.7.6, update to version 2.7.6 or later to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

ALT-PU-2016-1387

CVE-2013-5705

DLA-34-1

DSA-2991-1

MGASA-2014-0180

OPENSUSE-SU-2014_0969-1

SUSE-SU-2014_0972-1

Affected Products

Alt Linux

Modsecurity

Suse

PT-2014-2947 · Trustwave+2 · Modsecurity+2

CVE-2013-5705

Related Identifiers

Affected Products

References · 40