CVE-2013-5705 — Modsecurity vulnerability

9 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

0.8%

top 25.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trustwave Modsecurity Debian Linux

Timeline

PublishedApr 15

Latest updateMay 13

Description

apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDtrustwave/modsecurity< 2.7.6

Also affects: Debian Linux 7.0, 8.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-36h6-r4f5-cjrw: apache2/modsecurity↗2022-05-13

▶

OSV

CVE-2013-5705: apache2/modsecurity↗2014-04-15

▶

CVEList

CVE-2013-5705: apache2/modsecurity↗2014-04-15

▶

📋Vendor Advisories

Red Hat

mod_security: bypass of intended rules via chunked requests↗2014-03-31

▶

Debian

CVE-2013-5705: modsecurity-apache - apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to byp...↗2013

▶

💬Community

Bugzilla

CVE-2013-5705 mod_security: bypass of intended rules via chunked requests↗2014-04-01

▶

Bugzilla

CVE-2013-5705 mod_security: bypass of intended rules via chunked requests [fedora-all]↗2014-04-01

▶

Bugzilla

CVE-2013-5705 mod_security: bypass of intended rules via chunked requests [epel-all]↗2014-04-01

▶