Lucene search

K

[email protected]CVE-2013-2765

HistoryJul 15, 2013 - 3:55 p.m.

CVE-2013-2765

2013-07-1515:55:00

CWE-476

[email protected]

web.nvd.nist.gov

41

modsecurity

apache http server

denial of service

cve-2013-2765

nvd

6.5 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.018 Low

EPSS

Percentile

88.2%

The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.

CPENameOperatorVersion
trustwave:modsecuritytrustwave modsecuritylt2.7.4
opensuse:opensuseopensuseeq12.3
opensuse:opensuseopensuseeq11.4
opensuse:opensuseopensuseeq12.2

References

archives.neohapsis.com/archives/bugtraq/2013-05/0125.html

lists.opensuse.org/opensuse-updates/2013-08/msg00020.html

lists.opensuse.org/opensuse-updates/2013-08/msg00025.html

lists.opensuse.org/opensuse-updates/2013-08/msg00031.html

sourceforge.net/mailarchive/message.php?msg_id=30900019

www.modsecurity.org/

www.shookalabs.com/

bugzilla.redhat.com/show_bug.cgi?id=967615

github.com/shookalabs/exploits/blob/master/modsecurity_cve_2013_2765_check.py

github.com/SpiderLabs/ModSecurity/commit/0840b13612a0b7ef1ce7441cf811dcfc6b463fba

raw.github.com/SpiderLabs/ModSecurity/master/CHANGES

6.5 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.018 Low

EPSS

Percentile

88.2%

Related for CVE-2013-2765

nessus10 fedora3 thn2 cvelist1 openvas6 prion1 securityvulns2 zdt1 mageia1 freebsd1 ubuntucve1 packetstorm1 seebug1 debiancve1 f51