CVE-2013-5705
EPSS 0.84%modsecurity-apache - security update
Published: 4/15/2014Modified: 4/28/2026
Description
apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.
Affected packages (3)
- Debian/libapache-mod-securityfrom 0, < 2.5.12-1+squeeze4
- Debian/modsecurity-apachefrom 0, < 2.7.7-1
- Debian/modsecurity-apachefrom 0, < 2.6.6-6+deb7u2