5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.018 Low
EPSS
Percentile
86.5%
ModSecurity is an open source web application firewall. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
ModSecurity developers team recently fixed a vulnerability (CVE-2013-2765) which could be exploited by attackers to crash the firewall.
The vulnerability is caused due to an error when processing the βforceRequestBodyVariableβ action and can be exploited to cause a NULL pointer dereference via specially crafted HTTP requests.
Flaw was reported by Younes Jaaidi, according to him an attacker can exploit this issue using a web browser. He also released an Exploit for this flaw, which is publicly available at Github for download.
Through the program to upgrade to version 2.7.4 fixes this problem, this version also fixes some minor bug and lib injection used to identify SQL injection attacks, while the development team also announced its portable version of Nginx has reached stable conditions.