965 matches found
Null pointer dereference
The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header...
UBUNTU-CVE-2013-2765
The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header...
CVE-2013-2765
The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header...
CVE-2013-2765
CVE-2013-2765 affects the ModSecurity module for the Apache HTTP Server (before 2.7.4). The vulnerability allows remote attackers to cause a denial of service via a POST request with a large body and a crafted Content-Type header, resulting in a NULL pointer dereference, process crash, and disk c...
CVE-2013-2765
The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header...
ModSecurity < 2.7.3 XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
According to its banner, the version of ModSecurity installed on the remote host is earlier than 2.7.3. It is, therefore, potentially affected by a file disclosure vulnerability. An improperly configured XML parser could allow untrusted XML entities from external sources to be accepted, thus...
ModSecurity < 2.1.1 POST Data Null Byte Filter Bypass
According to its banner, the version of ModSecurity installed on the remote host is earlier than 2.1.1. It is, therefore, potentially affected by a security bypass vulnerability. An error exists related to HTTP POST requests and 'application/x-www-form-urlencoded' content containing un-encoded NU...
ModSecurity Version
Based on HTTP headers, the remote host appears to be running ModSecurity, an open source web application firewall (WAF). It was possible to read the version number from the banner. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(67123); script_version("1.6");...
ModSecurity < 2.5.9 Multipart Request Header Name DoS
According to its banner, the version of ModSecurity installed on the remote host is earlier than 2.5.9. It is, therefore, potentially affected by a denial of service vulnerability. An error exists related to multipart form HTTP POST requests with a missing part header name that could allow an...
ModSecurity < 2.7.4 forceRequestBodyVariable Action Handling DoS
According to its banner, the version of ModSecurity installed on the remote host is earlier than 2.7.4. It is, therefore, potentially affected by a denial of service vulnerability. An error exists related to handling the action 'forceRequestBodyVariable' that could allow an HTTP request to cause ...
ModSecurity < 2.7.0 Multipart Request Parsing Filter Bypass
According to its banner, the version of ModSecurity installed on the remote host is earlier than 2.7.0. It is, therefore, potentially affected by a security bypass vulnerability. An error exists related to HTTP POST requests and 'Content-Disposition' headers containing extra lines that could allo...
Fedora Update for mod_security FEDORA-2013-9518
Check for the Version of modsecurity. OpenVAS Vulnerability Test: Fedora Update for modsecurity FEDORA-2013-9518. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it unde...
[SECURITY] Fedora 19 Update: mod_security-2.7.3-2.fc19
ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding web applications from attacks...
[SECURITY] Fedora 18 Update: mod_security-2.7.3-2.fc18
ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding web applications from attacks...
[SECURITY] Fedora 17 Update: mod_security-2.7.3-2.fc17
ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding web applications from attacks...
ModSecurity DoS
NULL pointer dereference under some conditions...
[SECURITY][CVE-2013-2765][ModSecurity] Remote Null Pointer Dereference
CVE Number: CVE-2013-2765 / ModSecurity Remote Null Pointer Dereference When ModSecurity receives a request body with a size bigger than the value set by the "SecRequestBodyInMemoryLimit" and with a "Content-Type" that has no request body processor mapped to it, ModSecurity will systematically...
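ModSecurity NULL Pointer Dereference Remote Denial of Service Vulnerability (CVE-2013-2765)
BUGTRAQ ID: 60182 CVE(CAN) ID: CVE-2013-2765 Versions of ModSecurity before 2.7.4 contain a denial of service vulnerability that an attacker can use to crash the Apache web server. The vulnerability stems from a handling error in the "forceRequestBodyVariable" action; a specially crafted HTTP request can cause a NULL pointer dereference. 0 modsecurity 2.x Vendor patch: modsecurity ----------- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://sourceforge.net/projects/mod-security/...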
ModSecurity - Remote Null Pointer Dereference
ModSecurity - Remote Null Pointer Dereference Source: http://packetstormsecurity.com/files/121815/modsecuritycve20132765check.py.txt When ModSecurity receives a request body with a size bigger than the value set by the "SecRequestBodyInMemoryLimit" and with a "Content-Type" that has no request bo...
ModSecurity Remote Null Pointer Dereference Vulnerability
When ModSecurity receives a request body with a size bigger than the value set by the "SecRequestBodyInMemoryLimit" and with a "Content-Type" that has no request body processor mapped to it, ModSecurity will systematically crash on every call to "forceRequestBodyVariable" in phase 1. This is the...