6.8
CVE-2007-1359
- EPSS 6.62%
- Veröffentlicht 08.03.2007 22:19:00
- Zuletzt bearbeitet 16.06.2026 22:37:25
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginInterpretation conflict in ModSecurity (mod_security) 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ (0x00) byte, which mod_security treats as a terminator even though it is still processed as normal data by some HTTP parsers including PHP 5.2.0, and possibly parsers in Perl, and Python.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mod Security ≫ Mod Security Version1.7
Mod Security ≫ Mod Security Version1.7.1
Mod Security ≫ Mod Security Version1.7.2
Mod Security ≫ Mod Security Version1.7.4
Mod Security ≫ Mod Security Version1.7.5
Mod Security ≫ Mod Security Version1.9.4
Mod Security ≫ Mod Security Version2.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 6.62% | 0.93 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143
http://secunia.com/advisories/24373
http://secunia.com/advisories/25316
http://secunia.com/advisories/31087
http://secunia.com/advisories/31113
http://www.gentoo.org/security/en/glsa/glsa-200705-17.xml
http://www.modsecurity.org/blog/archives/2007/03/modsecurity_asc.html
http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html
http://www.osvdb.org/32778
http://www.php-security.org/MOPB/BONUS-12-2007.html
http://www.securityfocus.com/bid/22831
http://www.vupen.com/english/advisories/2007/0868
http://www.vupen.com/english/advisories/2008/2109/references
http://www.vupen.com/english/advisories/2008/2115
https://exchange.xforce.ibmcloud.com/vulnerabilities/32872