CVE-2013-2765

The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
References
Link Resource
http://archives.neohapsis.com/archives/bugtraq/2013-05/0125.html Broken Link
http://lists.opensuse.org/opensuse-updates/2013-08/msg00020.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-08/msg00025.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-08/msg00031.html Mailing List Third Party Advisory
http://sourceforge.net/mailarchive/message.php?msg_id=30900019 Third Party Advisory
http://www.modsecurity.org/ Vendor Advisory
http://www.shookalabs.com/ Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=967615 Issue Tracking Patch Third Party Advisory
https://github.com/SpiderLabs/ModSecurity/commit/0840b13612a0b7ef1ce7441cf811dcfc6b463fba Patch Third Party Advisory
https://github.com/shookalabs/exploits/blob/master/modsecurity_cve_2013_2765_check.py Exploit Third Party Advisory
https://raw.github.com/SpiderLabs/ModSecurity/master/CHANGES Broken Link
Configurations

Configuration 1

AND
cpe:2.3:a:trustwave:modsecurity:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

Configuration 2

OR cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*

History

21 Nov 2024, 01:52

Type Values Removed Values Added
References () http://archives.neohapsis.com/archives/bugtraq/2013-05/0125.html - Broken Link () http://archives.neohapsis.com/archives/bugtraq/2013-05/0125.html - Broken Link
References () http://lists.opensuse.org/opensuse-updates/2013-08/msg00020.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-updates/2013-08/msg00020.html - Mailing List, Third Party Advisory
References () http://lists.opensuse.org/opensuse-updates/2013-08/msg00025.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-updates/2013-08/msg00025.html - Mailing List, Third Party Advisory
References () http://lists.opensuse.org/opensuse-updates/2013-08/msg00031.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-updates/2013-08/msg00031.html - Mailing List, Third Party Advisory
References () http://sourceforge.net/mailarchive/message.php?msg_id=30900019 - Third Party Advisory () http://sourceforge.net/mailarchive/message.php?msg_id=30900019 - Third Party Advisory
References () http://www.modsecurity.org/ - Vendor Advisory () http://www.modsecurity.org/ - Vendor Advisory
References () http://www.shookalabs.com/ - Third Party Advisory () http://www.shookalabs.com/ - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=967615 - Issue Tracking, Patch, Third Party Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=967615 - Issue Tracking, Patch, Third Party Advisory
References () https://github.com/SpiderLabs/ModSecurity/commit/0840b13612a0b7ef1ce7441cf811dcfc6b463fba - Patch, Third Party Advisory () https://github.com/SpiderLabs/ModSecurity/commit/0840b13612a0b7ef1ce7441cf811dcfc6b463fba - Patch, Third Party Advisory
References () https://github.com/shookalabs/exploits/blob/master/modsecurity_cve_2013_2765_check.py - Exploit, Third Party Advisory () https://github.com/shookalabs/exploits/blob/master/modsecurity_cve_2013_2765_check.py - Exploit, Third Party Advisory
References () https://raw.github.com/SpiderLabs/ModSecurity/master/CHANGES - Broken Link () https://raw.github.com/SpiderLabs/ModSecurity/master/CHANGES - Broken Link

Information

Published : 2013-07-15 15:55

Updated : 2024-11-21 01:52


NVD link : CVE-2013-2765

Mitre link : CVE-2013-2765

CVE.ORG link : CVE-2013-2765


Products Affected

opensuse

  • opensuse

apache

  • http_server

trustwave

  • modsecurity
CWE
CWE-476

NULL Pointer Dereference