The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
References
Configurations
History
21 Nov 2024, 01:52
Type | Values Removed | Values Added |
---|---|---|
References | () http://archives.neohapsis.com/archives/bugtraq/2013-05/0125.html - Broken Link | |
References | () http://lists.opensuse.org/opensuse-updates/2013-08/msg00020.html - Mailing List, Third Party Advisory | |
References | () http://lists.opensuse.org/opensuse-updates/2013-08/msg00025.html - Mailing List, Third Party Advisory | |
References | () http://lists.opensuse.org/opensuse-updates/2013-08/msg00031.html - Mailing List, Third Party Advisory | |
References | () http://sourceforge.net/mailarchive/message.php?msg_id=30900019 - Third Party Advisory | |
References | () http://www.modsecurity.org/ - Vendor Advisory | |
References | () http://www.shookalabs.com/ - Third Party Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=967615 - Issue Tracking, Patch, Third Party Advisory | |
References | () https://github.com/SpiderLabs/ModSecurity/commit/0840b13612a0b7ef1ce7441cf811dcfc6b463fba - Patch, Third Party Advisory | |
References | () https://github.com/shookalabs/exploits/blob/master/modsecurity_cve_2013_2765_check.py - Exploit, Third Party Advisory | |
References | () https://raw.github.com/SpiderLabs/ModSecurity/master/CHANGES - Broken Link |
Information
Published : 2013-07-15 15:55
Updated : 2024-11-21 01:52
NVD link : CVE-2013-2765
Mitre link : CVE-2013-2765
CVE.ORG link : CVE-2013-2765
JSON object : View
Products Affected
opensuse
- opensuse
apache
- http_server
trustwave
- modsecurity
CWE
CWE-476
NULL Pointer Dereference