CVE-2007-1359
published 2007-03-08CVE-2007-1359: Interpretation conflict in ModSecurity (mod_security) 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded…
PriorityP342medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
6.62%
93.0th percentile
Interpretation conflict in ModSecurity (mod_security) 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ (0x00) byte, which mod_security treats as a terminator even though it is still processed as normal data by some HTTP parsers including PHP 5.2.0, and possibly parsers in Perl, and Python.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mod_security | mod_security | — | — |
| mod_security | mod_security | — | — |
| mod_security | mod_security | — | — |
| mod_security | mod_security | — | — |
| mod_security | mod_security | — | — |
| mod_security | mod_security | — | — |
| mod_security | mod_security | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Bugzilla
CVE-2007-1359: mod_security <= 2.1.0 request rule bypass
bugzilla·2007-03-10·CVSS 6.8
CVE-2007-1359 [MEDIUM] CVE-2007-1359: mod_security <= 2.1.0 request rule bypass
CVE-2007-1359: mod_security <= 2.1.0 request rule bypass
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1359
"Interpretation conflict in ModSecurity (mod_security) 2.1.0 and earlier allows
remote attackers to bypass request rules via application/x-www-form-urlencoded
POST data that contains an ASCIIZ (0x00) byte, which mod_security treats as a
terminator even though it is still processed as normal data by some HTTP parsers
including PHP 5.2.0, and possibly parsers in Perl, and Python."
Based on version numbers, all FE releases are affected.
Discussion:
Thanks for the reminder Ville.
Ivan (Ristic, ModSecurity author) hasn't released an update for the 1.9.x branch
as yet to fix this, but does have a rule for 2.x and up that mitigates the issue
pending a full release of 2.1.1 (and I would
Bugzilla
CVE-2007-1285 "Month of PHP Bugs" security issues (CVE-2007-1286 CVE-2007-1583 CVE-2007-1711 CVE-2007-1718)
bugzilla·2007-03-01·CVSS 2.1
CVE-2007-1285 [LOW] CVE-2007-1285 "Month of PHP Bugs" security issues (CVE-2007-1286 CVE-2007-1583 CVE-2007-1711 CVE-2007-1718)
CVE-2007-1285 "Month of PHP Bugs" security issues (CVE-2007-1286 CVE-2007-1583 CVE-2007-1711 CVE-2007-1718)
Description of problem:
This bug will be used to provide tracking information for the issues reported
during the "Month of PHP Bugs" initiative, http://www.php-security.org/
Discussion:
Introduction: The PHP interpreter does not offer a reliable
"sandboxed" security layer (as found in, say, a JVM) in which
untrusted scripts can be run; any script run by the PHP interpreter
must be trusted with the privileges of the interpreter itself. In
analysis of these issues, bugs which rely on an "untrusted local
attacker" will therefore not be classified as being
security-sensitive, since no trust boundary is crossed.
---
MOPB-01-2007 describes an issue in the PHP interpreter regarding the
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143http://secunia.com/advisories/24373http://secunia.com/advisories/25316http://secunia.com/advisories/31087http://secunia.com/advisories/31113http://www.gentoo.org/security/en/glsa/glsa-200705-17.xmlhttp://www.modsecurity.org/blog/archives/2007/03/modsecurity_asc.htmlhttp://www.oracle.com/technetwork/topics/security/cpujul2008-090335.htmlhttp://www.osvdb.org/32778http://www.php-security.org/MOPB/BONUS-12-2007.htmlhttp://www.securityfocus.com/bid/22831http://www.vupen.com/english/advisories/2007/0868http://www.vupen.com/english/advisories/2008/2109/referenceshttp://www.vupen.com/english/advisories/2008/2115https://exchange.xforce.ibmcloud.com/vulnerabilities/32872http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143http://secunia.com/advisories/24373http://secunia.com/advisories/25316http://secunia.com/advisories/31087http://secunia.com/advisories/31113http://www.gentoo.org/security/en/glsa/glsa-200705-17.xmlhttp://www.modsecurity.org/blog/archives/2007/03/modsecurity_asc.htmlhttp://www.oracle.com/technetwork/topics/security/cpujul2008-090335.htmlhttp://www.osvdb.org/32778http://www.php-security.org/MOPB/BONUS-12-2007.htmlhttp://www.securityfocus.com/bid/22831http://www.vupen.com/english/advisories/2007/0868http://www.vupen.com/english/advisories/2008/2109/referenceshttp://www.vupen.com/english/advisories/2008/2115https://exchange.xforce.ibmcloud.com/vulnerabilities/32872
2007-03-08
Published