CVE-2007-1359
published 2007-03-08

Priority P342, medium, 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 6.62% (93.0th percentile)
Interpretation conflict in ModSecurity (mod_security) 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ (0x00) byte, which mod_security treats as a terminator even though it is still processed as normal data by some HTTP parsers, including PHP 5.2.0 and possibly parsers in Perl and Python.

Affected

7 ranges
Vendor | Product | Version range | Fixed in
mod_security | mod_security | |
mod_security | mod_security | |
mod_security | mod_security | |
mod_security | mod_security | |
mod_security | mod_security | |
mod_security | mod_security | |
mod_security | mod_security | |