apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.
References
Link | Resource |
---|---|
http://martin.swende.se/blog/HTTPChunked.html | Exploit Third Party Advisory |
http://www.debian.org/security/2014/dsa-2991 | Third Party Advisory |
https://github.com/SpiderLabs/ModSecurity/commit/f8d441cd25172fdfe5b613442fedfc0da3cc333d | Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2014-04-15T10:00:00
Updated: 2014-11-24T15:57:00
Reserved: 2013-09-05T00:00:00
Link: CVE-2013-5705
JSON object: View
NVD Information
Status : Analyzed
Published: 2014-04-15T10:55:11.197
Modified: 2021-02-12T17:26:58.533
Link: CVE-2013-5705
JSON object: View
Redhat Information
No data.
CWE