5

CVE-2013-2765

Exploit

The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.

Data is provided by the National Vulnerability Database (NVD)
TrustwaveModsecurity Version < 2.7.4
   ApacheHTTP Server
OpensuseOpensuse Version11.4
OpensuseOpensuse Version12.2
OpensuseOpensuse Version12.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 5.38% 0.897
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

http://www.shookalabs.com/
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=967615
Patch
Third Party Advisory
Issue Tracking