Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:29448
HistoryJun 04, 2013 - 12:00 a.m.

[SECURITY][CVE-2013-2765][ModSecurity] Remote Null Pointer Dereference

2013-06-0400:00:00
vulners.com
29
JSON

CVE Number: CVE-2013-2765 / ModSecurity Remote Null Pointer Dereference

When ModSecurity receives a request body with a size bigger than the
value set by the "SecRequestBodyInMemoryLimit" and with a
"Content-Type" that has no request body processor mapped to it,
ModSecurity will systematically crash on every call to
"forceRequestBodyVariable" (in phase 1).

In addition to the segfault that occurs here, ModSecurity will not
remove the temporary request body file and the temporary directory
(set by the "SecTmpDir" directive) will keep growing until saturation.

Details : http://www.shookalabs.com/#advisory-cve-2013-2765

Exploit : https://github.com/shookalabs/exploits/blob/master/modsecurity_cve_2013_2765_check.py

Solution : Upgrade to 2.7.4 https://www.modsecurity.org

Related

fedora 3
openvas 4
nessus 10
thn 2
cve 1
zdt 1
prion 1
mageia 1
freebsd 1
ubuntucve 1
packetstorm 1
securityvulns 1
seebug 1
debiancve 1
f5 1
fedora
fedora
[SECURITY] Fedora 18 Update: mod_security-2.7.3-2.fc18
2013-06-06 01:39:13
[SECURITY] Fedora 19 Update: mod_security-2.7.3-2.fc19
2013-06-06 02:24:02
[SECURITY] Fedora 17 Update: mod_security-2.7.3-2.fc17
2013-06-06 01:34:19
openvas
openvas
Fedora Update for mod_security FEDORA-2013-9519
2013-06-07 00:00:00
Fedora Update for mod_security FEDORA-2013-9519
2013-06-07 00:00:00
Fedora Update for mod_security FEDORA-2013-9518
2013-06-07 00:00:00
nessus
nessus
Fedora 17 : mod_security-2.7.3-2.fc17 (2013-9518)
2013-07-12 00:00:00
SuSE 11.3 Security Update : apache2-mod_security2 (SAT Patch Number 8149)
2013-09-05 00:00:00
Mandriva Linux Security Advisory : apache-mod_security (MDVSA-2013:187)
2013-07-03 00:00:00
thn
thn
Upgrade ModSecurity to version 2.7.4 for fixing Denial of Service Vulnerability
2013-05-29 20:37:00
Upgrade ModSecurity to version 2.7.4 for fixing Denial of Service Vulnerability
2013-05-29 09:37:00
cve
cve
CVE-2013-2765
2013-07-15 15:55:00
zdt
zdt
ModSecurity Remote Null Pointer Dereference Vulnerability
2013-05-31 00:00:00
prion
prion
Null pointer dereference
2013-07-15 15:55:00
mageia
mageia
apache-mod_security new security issue CVE-2013-2765
2013-06-26 22:00:30
freebsd
freebsd
www/mod_security -- NULL pointer dereference DoS
2013-05-27 00:00:00
ubuntucve
ubuntucve
CVE-2013-2765
2013-07-15 00:00:00
packetstorm
packetstorm
ModSecurity Remote Null Pointer Dereference
2013-05-29 00:00:00
securityvulns
securityvulns
ModSecurity DoS
2013-06-04 00:00:00
seebug
seebug
ModSecurity 空指针间接引用远程拒绝服务漏洞(CVE-2013-2765)
2013-06-02 00:00:00
debiancve
debiancve
CVE-2013-2765
2013-07-15 15:55:00
f5
f5
K000139044 : Apache httpd vulnerabilities CVE-2011-1176, CVE-2011-2688, CVE-2013-0942, CVE-2013-2765, and CVE-2013-4365
2024-03-26 00:00:00
JSON
Related for SECURITYVULNS:DOC:29448
fedora3openvas4nessus10thn2cve1zdt1prion1mageia1freebsd1ubuntucve1packetstorm1securityvulns1seebug1debiancve1f51