CVE-2013-2765
published 2013-07-15
CVE-2013-2765: The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash…
Priority P4 · 33 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 13.72% (96.0th percentile)
The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | modsecurity-apache | < modsecurity-apache 2.6.6-9 (bookworm) | modsecurity-apache 2.6.6-9 (bookworm) |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| trustwave | modsecurity | < 2.7.4 | 2.7.4 |
CVSS provenance
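| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 5.0 | MEDIUM | — |
| vendor_debian | — | 5.0 | MEDIUM | — |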
GHSA
ghsa_unreviewed·2022-05-13
CVE-2013-2765 [MEDIUM] CWE-476 GHSA-x49q-wq3g-gh64: The ModSecurity module before 2
OSV
osv·2013-07-15·CVSS 5.0
CVE-2013-2765 [MEDIUM] CVE-2013-2765: The ModSecurity module before 2
Debian
vendor_debian·2013·CVSS 5.0
CVE-2013-2765 [MEDIUM] CVE-2013-2765: modsecurity-apache - The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote att...
Scope: local
bookworm: resolved (fixed in 2.6.6-9)
bullseye: resolved (fixed in 2.6.6-9)
forky: resolved (fixed in 2.6.6-9)
sid: resolved (fixed in 2.6.6-9)
trixie: resolved (fixed in 2.6.6-9)
No detection rules found.
References
http://archives.neohapsis.com/archives/bugtraq/2013-05/0125.html
http://lists.opensuse.org/opensuse-updates/2013-08/msg00020.html
http://lists.opensuse.org/opensuse-updates/2013-08/msg00025.html
http://lists.opensuse.org/opensuse-updates/2013-08/msg00031.html
http://sourceforge.net/mailarchive/message.php?msg_id=30900019
http://www.modsecurity.org/
http://www.shookalabs.com/
https://bugzilla.redhat.com/show_bug.cgi?id=967615
https://github.com/SpiderLabs/ModSecurity/commit/0840b13612a0b7ef1ce7441cf811dcfc6b463fba
https://github.com/shookalabs/exploits/blob/master/modsecurity_cve_2013_2765_check.py
https://raw.github.com/SpiderLabs/ModSecurity/master/CHANGES
Published: 2013-07-15