CVE-2013-5705
EPSS 0.84%modsecurity-apache - security update
發布日:2014/4/15修改日:2026/4/28
描述
apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.
受影響套件(3)
- Debian/libapache-mod-securityfrom 0, < 2.5.12-1+squeeze4
- Debian/modsecurity-apachefrom 0, < 2.7.7-1
- Debian/modsecurity-apachefrom 0, < 2.6.6-6+deb7u2