965 matches found
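ModSecurity 'mod_headers' Module Security Restriction Bypass Vulnerability
Bugtraq ID: 66550 CVE ID: CVE-2013-5704 ModSecurity is a web application server. ModSecurity has a security restriction bypass vulnerability in its implementation; successful exploitation allows an attacker to bypass filtering rules. 0 modsecurity The vendor has released an upgrade patch to fix the vulnerability; please download it from: http://sourceforge.net/projects/mod-security/...
ModSecurity HTTP Request Chunked Encoding Security Restriction Bypass Vulnerability
CVE ID: CVE-2013-5705 ModSecurity is an intrusion detection and prevention engine used mainly for web applications, so it is also called a web application firewall. Versions of ModSecurity before 2.7.6 contain an error in the implementation of the "modsecuritytxinit" function in apache2/modsecurity.c; a malicious user can exploit this vulnerability with a specially crafted request using chunked encoding to bypass HTTP request body processing. 0 modsecurity modsecurity 2.7.6 The vendor has released an upgrade patch to fix the vulnerability; please download it from: http://sourceforge.net/projects/mod-security/...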
[WAF-FLE v0.6.3] Web application firewall: fast log and event console
WAF-FLE is an open-source console for ModSecurity; it allows the modsec admin to view and search events sent by mlogc, the ModSecurity event log handler. Features: Central event console Support Modsecurity in “traditional” and “Anomaly Scoring” Able to receive events sent from mlogc in real time or in...
[ModSecurity v2.7] Open Source Web Application Firewall
ModSecurity is an embeddable web application firewall, which means it can be deployed as part of your existing web server infrastructure (Apache, IIS7 and Nginx). This deployment method has certain advantages: 1. No changes to existing network. It only takes a few minutes to add ModSecurity to your...
MIRcon 2013 – Day 2 Highlights
Thanks for another wonderful MIRcon®, everyone! It's been an honor to bring together so many leading minds in cybersecurity, and to foster conversations about what we can all do to safeguard the information and innovations on which so many of us rely. The second and final day of MIRcon 2013...
AjaXplorer 1.0 - Multiple Vulnerabilities
AjaXplorer 1.0 - Multiple Vulnerabilities Trustwave SpiderLabs Security Advisory TWSL2013-027: Multiple Vulnerabilities in AjaXplorer Published: 09/05/13 Version: 1.0 Vendor: AjaXplorer http://ajaxplorer.info Product: AjaXplorer Version affected: 5.0.2 and prior Product description: AjaXplorer is...
AjaXplorer 1.0 - Multiple Vulnerabilities
Trustwave SpiderLabs Security Advisory TWSL2013-027: Multiple Vulnerabilities in AjaXplorer Published: 09/05/13 Version: 1.0 Vendor: AjaXplorer http://ajaxplorer.info Product: AjaXplorer Version affected: 5.0.2 and prior Product description: AjaXplorer is an open source file sharing platform whic...
[OWASP Broken Web Applications Project VM v1.1] Collection of vulnerable web applications
The Broken Web Applications (BWA) Project is a collection of vulnerable web applications that is distributed on a Virtual Machine. The Broken Web Applications (BWA) Project produces a Virtual Machine running a variety of applications with known vulnerabilities for those interested in: Learning about...
AjaXplorer 5.0.2 Shell Upload / Traversal Vulnerability
AjaXplorer versions 5.0.2 and below suffer from remote shell upload and path traversal vulnerabilities. Vendor: AjaXplorer http://ajaxplorer.info Product: AjaXplorer Version affected: 5.0.2 and prior Product description: AjaXplorer is an open source file sharing platform which relies on PHP and t...
AjaXplorer 5.0.2 Shell Upload / Traversal
Trustwave SpiderLabs Security Advisory TWSL2013-027: Multiple Vulnerabilities in AjaXplorer Published: 09/05/13 Version: 1.0 Vendor: AjaXplorer http://ajaxplorer.info Product: AjaXplorer Version affected: 5.0.2 and prior Product description: AjaXplorer is an open source file sharing platform whic...
Modsecurity Cross Site Scripting Bypass Vulnerability
Modsecurity suffers from a cross site scripting bypass vulnerability. Product: Modsecurity Author: Rafay Baloch Company: RHAINFOSEC Website: http://services.rafayhackingarticles.net Reported: 8/8/2013 Fixed: 25/8/2013 Status: Fixed ============ Introduction ============ The ModSecurity firewall i...
Modsecurity Cross Site Scripting Bypass
Product: Modsecurity Author: Rafay Baloch Company: RHAINFOSEC Website: http://services.rafayhackingarticles.net Reported: 8/8/2013 Fixed: 25/8/2013 Status: Fixed ============ Introduction ============ The ModSecurity firewall is one of the best-known WAFs around; it has an online smoke test where w...
ModSecurity < 2.7.3 XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
Binary data 6991.prm...
ModSecurity < 2.5.9 Multipart Request Header Name DoS
Binary data 6989.prm...
ModSecurity < 2.7.0 Multipart Request Parsing Filter Bypass
Binary data 6990.prm...
ModSecurity < 2.1.1 POST Data Null Byte Filter Bypass
Binary data 6988.prm...
CVE-2013-2765
The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header...
DEBIAN-CVE-2013-2765
The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header...