20 matches found
Debian: Security Advisory (DLA-34-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Mageia: Security Advisory (MGASA-2014-0180)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Amazon Linux: Security Advisory (ALAS-2014-334)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Mandriva Linux Security Advisory : apache-mod_security (MDVSA-2015:106)
Updated apache-mod_security packages fix security vulnerability: Martin Holst Swende discovered a flaw in the way modsecurity handled chunked requests. A remote attacker could use this flaw to bypass intended modsecurity restrictions, allowing them to send requests containing content that should...
Amazon Linux AMI : mod_security (ALAS-2014-335)
apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...
openSUSE Security Update : apache2-mod_security2 (openSUSE-SU-2014:1047-1)
This apache2-mod_security2 update fixes the following security issue: - Specially drafted chunked HTTP requests allow bypassing filters configured in mod_security2. This vulnerability is known as CVE-2013-5705 and was handled in bnc871309. (C) Tenable Network Security, Inc. Th...
[DLA 34-1] libapache-mod-security security update
Package: libapache-mod-security; Version: 2.5.12-1+squeeze4; CVE ID: CVE-2013-5705. Martin Holst Swende discovered a flaw in the way modsecurity handled chunked requests. A remote attacker could use this flaw to bypass intended modsecurity restrictions, allowing them to send requests containing...
SuSE 11.3 Security Update : apache2-mod_security2 (SAT Patch Number 9585)
This apache2-mod_security2 update fixes the following security issue: - bypass of intended rules via chunked requests CVE-2013-5705. bnc871309 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information...
security issues addressed, most notably the mod_security heap overflow known as CVE-2014-0226 (important)
apache2: - ECC support was added to mod_ssl - fix for a race condition in mod_status known as CVE-2014-0226 can lead to information disclosure; mod_status is not active by default, and is normally only open for connects from localhost. - fix for bug known as CVE-2014-0098 that can crash the apache...
[SECURITY] [DSA 2991-1] modsecurity-apache security update
Debian Security Advisory DSA-2991-1, http://www.debian.org/security/, Salvatore Bonaccorso, July 27, 2014, http://www.debian.org/security/faq ...
Mandriva Linux Security Advisory : apache-mod_security (MDVSA-2014:081)
Updated apache-mod_security packages fix security vulnerability: Martin Holst Swende discovered a flaw in the way modsecurity handled chunked requests. A remote attacker could use this flaw to bypass intended modsecurity restrictions, allowing them to send requests containing content that should...
Medium: mod24_security
Issue Overview: apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header. Affected Packages: mod24_security. Issue Correction: Run yum update mod24_security or yum...
Updated apache-mod_security packages fix security vulnerability
Updated apache-mod_security packages fix security vulnerability: Martin Holst Swende discovered a flaw in the way modsecurity handled chunked requests. A remote attacker could use this flaw to bypass intended modsecurity restrictions, allowing them to send requests containing content that should...
CVE-2013-5705
apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header...
CVE-2013-5705
Affected software: ModSecurity (Apache module) before 2.7.6. Root cause: flawed handling of chunked Transfer-Encoding with a capitalized Chunked value in the HTTP header. Impact: remote attackers can bypass mod_security rules. Remediation: upgrade to ModSecurity 2.7.6 or newer (as cited by multip...
Fedora 20 : mod_security-2.7.5-3.fc20 (2014-4633)
Fix Chunked string case sensitive issue (CVE-2013-5705, RHBZ 1082904 1082905 1082906). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...
Fedora Update for mod_security FEDORA-2014-4720
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Fedora Update for mod_security FEDORA-2014-4633
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Fedora 19 : mod_security-2.7.5-3.fc19 (2014-4720)
Fix Chunked string case sensitive issue (CVE-2013-5705, RHBZ 1082904 1082905 1082906). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...
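ModSecurity HTTP Request Chunked Encoding Security Restriction Bypass Vulnerability
CVE ID: CVE-2013-5705. ModSecurity is an intrusion detection and prevention engine. It is mainly used for web applications, so it is also called a web application firewall. In ModSecurity versions before 2.7.6, the implementation of the "modsecurity_tx_init" function in apache2/modsecurity.c contains an error; a malicious user can exploit this vulnerability with a specially crafted chunked-encoding request to bypass HTTP request body processing. 0 modsecurity modsecurity 2.7.6 The vendor has released an upgrade patch to fix the vulnerability; please download and use it: http://sourceforge.net/projects/mod-security/...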