Lucene search

K

[email protected]NVD:CVE-2013-2765

HistoryJul 15, 2013 - 3:55 p.m.

CVE-2013-2765

2013-07-1515:55:01

CWE-476

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.5 Medium

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.3%

The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.

Affected configurations

NVD

Node

trustwavemodsecurityRange<2.7.4

AND

apachehttp_server

Node

opensuseopensuseMatch11.4

OR

opensuseopensuseMatch12.2

OR

opensuseopensuseMatch12.3

References

archives.neohapsis.com/archives/bugtraq/2013-05/0125.html

lists.opensuse.org/opensuse-updates/2013-08/msg00020.html

lists.opensuse.org/opensuse-updates/2013-08/msg00025.html

lists.opensuse.org/opensuse-updates/2013-08/msg00031.html

sourceforge.net/mailarchive/message.php?msg_id=30900019

www.modsecurity.org/

www.shookalabs.com/

bugzilla.redhat.com/show_bug.cgi?id=967615

github.com/shookalabs/exploits/blob/master/modsecurity_cve_2013_2765_check.py

github.com/SpiderLabs/ModSecurity/commit/0840b13612a0b7ef1ce7441cf811dcfc6b463fba

raw.github.com/SpiderLabs/ModSecurity/master/CHANGES

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.5 Medium

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.3%

Related for NVD:CVE-2013-2765

nessus10 openvas6 fedora3 thn2 cvelist1 ubuntucve1 packetstorm1 seebug1 debiancve1 securityvulns2 cve1 prion1 freebsd1 zdt1 mageia1 f51