
20 matches found

OpenVAS
added 2023/03/08 12:0 a.m. | 13 views

Debian: Security Advisory (DLA-34-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS: 5 | AI score: 6.7 | EPSS: 0.0267
Exploits: 2 | References: 2
OpenVAS
added 2022/01/28 12:0 a.m. | 16 views

Mageia: Security Advisory (MGASA-2014-0180)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS: 5 | AI score: 6.5 | EPSS: 0.0267
Exploits: 2 | References: 4
OpenVAS
added 2015/09/08 12:0 a.m. | 17 views

Amazon Linux: Security Advisory (ALAS-2014-334)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS: 5 | AI score: 6.3 | EPSS: 0.0267
Exploits: 2 | References: 2
Tenable Nessus
added 2015/03/30 12:0 a.m. | 20 views

Mandriva Linux Security Advisory : apache-mod_security (MDVSA-2015:106)

Updated apache-mod_security packages fix security vulnerability : Martin Holst Swende discovered a flaw in the way modsecurity handled chunked requests. A remote attacker could use this flaw to bypass intended modsecurity restrictions, allowing them to send requests containing content that should...

CVSS: 5 | AI score: 6.2 | EPSS: 0.0267
Exploits: 2 | References: 2
Tenable Nessus
added 2014/10/12 12:0 a.m. | 19 views

Amazon Linux AMI : mod_security (ALAS-2014-335)

apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...

CVSS: 5 | AI score: 6.1 | EPSS: 0.0267
Exploits: 2 | References: 2
Tenable Nessus
added 2014/08/21 12:0 a.m. | 21 views

openSUSE Security Update : apache2-mod_security2 (openSUSE-SU-2014:1047-1)

This is apache2-mod_security2 update fixes the following security issue : - Specially drafted chunked http requests allow to bypass filters configured in mod_security2. This vulnerability is known as CVE-2013-5705 and was handled in bnc871309. (C) Tenable Network Security, Inc. Th...

CVSS: 5 | AI score: 6.1 | EPSS: 0.0267
Exploits: 2 | References: 3
Debian
added 2014/08/09 1:56 p.m. | 19 views

[DLA 34-1] libapache-mod-security security update

Package : libapache-mod-security Version : 2.5.12-1+squeeze4 CVE ID : CVE-2013-5705 Martin Holst Swende discovered a flaw in the way modsecurity handled chunked requests. A remote attacker could use this flaw to bypass intended modsecurity restrictions, allowing them to send requests containing...

CVSS: 5 | AI score: 6.3 | EPSS: 0.0267
Exploits: 2
Tenable Nessus
added 2014/08/09 12:0 a.m. | 37 views

SuSE 11.3 Security Update : apache2-mod_security2 (SAT Patch Number 9585)

This apache2-mod_security2 update fixes the following security issue : - bypass of intended rules via chunked requests CVE-2013-5705. bnc871309 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information...

CVSS: 5 | AI score: 6.1 | EPSS: 0.0267
Exploits: 2 | References: 3
OPENSUSE Linux
added 2014/08/07 11:4 p.m. | 56 views

security issues addressed, most notably the mod_security heap overflow known as CVE-2014-0226 (important)

apache2: - ECC support was added to mod_ssl - fix for a race condition in mod_status known as CVE-2014-0226 can lead to information disclosure; mod_status is not active by default, and is normally only open for connects from localhost. - fix for bug known as CVE-2014-0098 that can crash the apache...

CVSS: 6.8 | AI score: 0.2 | EPSS: 0.85744
Exploits: 8 | References: 6
Debian
added 2014/07/27 5:53 p.m. | 18 views

[SECURITY] [DSA 2991-1] modsecurity-apache security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2991-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso July 27, 2014 http://www.debian.org/security/faq -...

CVSS: 5 | AI score: 1.5 | EPSS: 0.0267
Exploits: 2
Tenable Nessus
added 2014/05/09 12:0 a.m. | 27 views

Mandriva Linux Security Advisory : apache-mod_security (MDVSA-2014:081)

Updated apache-mod_security packages fix security vulnerability : Martin Holst Swende discovered a flaw in the way modsecurity handled chunked requests. A remote attacker could use this flaw to bypass intended modsecurity restrictions, allowing them to send requests containing content that should...

CVSS: 5 | AI score: 6.2 | EPSS: 0.0267
Exploits: 2 | References: 2
Amazon
added 2014/05/06 12:0 a.m. | 35 views

Medium: mod24_security

Issue Overview: apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header. Affected Packages: mod24_security Issue Correction: Run yum update mod24_security or yum...

CVSS: 5 | AI score: 6.4 | EPSS: 0.0267
Exploits: 2
Mageia
added 2014/04/17 8:26 p.m. | 34 views

Updated apache-mod_security packages fix security vulnerability

Updated apache-mod_security packages fix security vulnerability: Martin Holst Swende discovered a flaw in the way modsecurity handled chunked requests. A remote attacker could use this flaw to bypass intended modsecurity restrictions, allowing them to send requests containing content that should...

CVSS: 5 | AI score: 1.7 | EPSS: 0.0267
Exploits: 2 | References: 2
UbuntuCve
added 2014/04/15 10:55 a.m. | 20 views

CVE-2013-5705

apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header...

CVSS: 5 | AI score: 6.4 | EPSS: 0.0267
Exploits: 2 | References: 2
CVE
added 2014/04/15 10:0 a.m. | 113 views

CVE-2013-5705

Affected software: ModSecurity (Apache module) before 2.7.6. Root cause: flawed handling of chunked Transfer-Encoding with a capitalized Chunked value in the HTTP header. Impact: remote attackers can bypass mod_security rules. Remediation: upgrade to ModSecurity 2.7.6 or newer (as cited by multip...

CVSS: 5 | AI score: 6 | EPSS: 0.0267
Exploits: 2 | References: 3 | Affected Software: 1
Tenable Nessus
added 2014/04/15 12:0 a.m. | 25 views

Fedora 19 : mod_security-2.7.5-3.fc19 (2014-4720)

Fix Chunked string case sensitive issue CVE-2013-5705, RHBZ 1082904 1082905 1082906 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...

CVSS: 5 | AI score: 6.1 | EPSS: 0.0267
Exploits: 2 | References: 3
OpenVAS
added 2014/04/15 12:0 a.m. | 22 views

Fedora Update for mod_security FEDORA-2014-4720

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS: 5 | AI score: 6.3 | EPSS: 0.0267
Exploits: 2 | References: 2
OpenVAS
added 2014/04/15 12:0 a.m. | 11 views

Fedora Update for mod_security FEDORA-2014-4633

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS: 5 | AI score: 6.3 | EPSS: 0.0267
Exploits: 2 | References: 2
Tenable Nessus
added 2014/04/15 12:0 a.m. | 23 views

Fedora 20 : mod_security-2.7.5-3.fc20 (2014-4633)

Fix Chunked string case sensitive issue CVE-2013-5705, RHBZ 1082904 1082905 1082906 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...

CVSS: 5 | AI score: 6.1 | EPSS: 0.0267
Exploits: 2 | References: 3
seebug.org
added 2014/04/02 12:0 a.m. | 23 views

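ModSecurity HTTP Request Chunked Encoding Security Restriction Bypass Vulnerability

CVE ID: CVE-2013-5705 ModSecurity is an intrusion detection and prevention engine used mainly for web applications, so it is also called a web application firewall. In versions of ModSecurity before 2.7.6, there is an error in the implementation of the "modsecurity_tx_init" function in apache2/modsecurity.c; a malicious user can exploit this vulnerability with a specially crafted request using chunked encoding to bypass HTTP request body processing. 0 modsecurity modsecurity 2.7.6 The vendor has released an upgrade patch to fix the vulnerability; please download and use it: http://sourceforge.net/projects/mod-security/...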

CVSS: 5 | AI score: 6.3 | EPSS: 0.0267
Exploits: 2