965 matches found
ModSecurity - Remote Null Pointer Dereference
Source: http://packetstormsecurity.com/files/121815/modsecuritycve20132765check.py.txt When ModSecurity receives a request body with a size bigger than the value set by the "SecRequestBodyInMemoryLimit" and with a "Content-Type" that has no request body processor mapped to it, ModSecurity will...
Upgrade ModSecurity to version 2.7.4 for fixing Denial of Service Vulnerability
ModSecurity is an open source web application firewall. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. The ModSecurity development team recently fixed a vulnerability, CVE-2013-2765, which could be exploited...
ModSecurity Remote Null Pointer Dereference
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
'''
Created on Mar 29, 2013

@author: Younes JAAIDI
'''
import argparse
import http.client
import logging
import sys
import urllib.request

logger = logging.getLogger(__name__)
logger.setLevel(logging.DEBUG)
logger.addHandler(logging.StreamHandler(sys.stderr))

class...
www/mod_security -- NULL pointer dereference DoS
SecurityFocus reports: When ModSecurity receives a request body with a size bigger than the value set by the "SecRequestBodyInMemoryLimit" and with a "Content-Type" that has no request body processor mapped to it, ModSecurity will systematically crash on every call to "forceRequestBodyVariable"...
Mandriva Linux Security Advisory : apache-mod_security (MDVSA-2013:156)
A vulnerability has been found and corrected in apache-mod_security: ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with...
[WAF-FLE] Web application firewall: fast log and event console
WAF-FLE is an open-source console for ModSecurity; it allows the modsec admin to view and search events sent by mlogc (the ModSecurity event log handler). Features: central event console; support for ModSecurity in “traditional” and “Anomaly Scoring”; able to receive events sent from mlogc in real time or in...
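ModSecurity XML External Entity Information Disclosure Vulnerability (CVE-2013-1915)
Bugtraq ID: 58810 CVE ID: CVE-2013-1915 ModSecurity is an intrusion detection and prevention engine used mainly for web applications, so it is also known as a web application firewall. ModSecurity has a security vulnerability that allows remote attackers, via an XML external entity declaration combined with an entity reference, to read arbitrary files, send HTTP requests to intranet servers, or carry out denial-of-service attacks. 0 ModSecurity 2.7.3 Vendor solution: ModSecurity 2.7.3 has fixed this vulnerability; users are advised to download the update: http://www.modsecurity.org/...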
CVE-2013-1915
ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability...
DEBIAN-CVE-2013-1915
ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability...
Xxe
ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability...
CVE-2013-1915
CVE-2013-1915 (ModSecurity XXE) : ModSecurity before 2.7.3 is vulnerable to an XML External Entity (XXE) attack via an XML entity declaration and a referenced entity. This can allow remote attackers to read arbitrary files, make HTTP requests to intranet servers, or trigger denial of service (CPU...
[SECURITY] Fedora 19 Update: mod_security-2.7.3-1.fc19
ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding web applications from attacks...
FreeBSD : ModSecurity -- XML External Entity Processing Vulnerability (2070c79a-8e1e-11e2-b34d-000c2957946c)
Positive Technologies has reported a vulnerability in ModSecurity, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service). The vulnerability is caused due to an error when parsing external XML entities and can be exploited to e.g...
[SECURITY] [DSA 2659-1] libapache-mod-security security update
Debian Security Advisory DSA-2659-1 http://www.debian.org/security/ Salvatore Bonaccorso April 09, 2013 http://www.debian.org/security/faq -...
[SECURITY] Fedora 18 Update: mod_security-2.7.3-1.fc18
ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding web applications from attacks...