Medium: mod_security

2014-09-18T00:32:00
ID ALAS-2014-335
Type amazon
Reporter Amazon
Modified 2014-09-18T00:32:00

Description

Issue Overview:

apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.

Affected Packages:

mod_security

Issue Correction:
Run yum update mod_security to update your system.

New Packages:

i686:  
    mlogc-2.7.3-3.23.amzn1.i686  
    mod_security-2.7.3-3.23.amzn1.i686  
    mod_security-debuginfo-2.7.3-3.23.amzn1.i686

src:  
    mod_security-2.7.3-3.23.amzn1.src

x86_64:  
    mod_security-2.7.3-3.23.amzn1.x86_64  
    mlogc-2.7.3-3.23.amzn1.x86_64  
    mod_security-debuginfo-2.7.3-3.23.amzn1.x86_64