Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:30709
HistoryMay 10, 2014 - 12:00 a.m.

[ MDVSA-2014:081 ] apache-mod_security

2014-05-1000:00:00
vulners.com
27
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2014:081
http://www.mandriva.com/en/support/security/

Package : apache-mod_security
Date : May 8, 2014
Affected: Business Server 1.0, Enterprise Server 5.0

Problem Description:

Updated apache-mod_security packages fix security vulnerability:

Martin Holst Swende discovered a flaw in the way mod_security handled
chunked requests. A remote attacker could use this flaw to bypass
intended mod_security restrictions, allowing them to send requests
containing content that should have been removed by mod_security
(CVE-2013-5705).

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5705
http://advisories.mageia.org/MGASA-2014-0180.html

Updated Packages:

Mandriva Enterprise Server 5:
db46a0d3c58282dcfe04727dd86e2a17 mes5/i586/apache-mod_security-2.5.12-0.6mdvmes5.2.i586.rpm
aca483fdd1636091ee22011f982a0ca0 mes5/i586/mlogc-2.5.12-0.6mdvmes5.2.i586.rpm
9161a3c2199d97c0280bab4e55c80b4e mes5/SRPMS/apache-mod_security-2.5.12-0.6mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
9399f1df36d87e88bbbc9c6168f3e9d8 mes5/x86_64/apache-mod_security-2.5.12-0.6mdvmes5.2.x86_64.rpm
fb3954ad17067ea1151ad39a5bb416bf mes5/x86_64/mlogc-2.5.12-0.6mdvmes5.2.x86_64.rpm
9161a3c2199d97c0280bab4e55c80b4e mes5/SRPMS/apache-mod_security-2.5.12-0.6mdvmes5.2.src.rpm

Mandriva Business Server 1/X86_64:
5054d6b07b39f3388015fecb23656c36 mbs1/x86_64/apache-mod_security-2.6.3-5.4.mbs1.x86_64.rpm
ffcf62b9982c5be8b222763df594de24 mbs1/x86_64/mlogc-2.6.3-5.4.mbs1.x86_64.rpm
d3b3db04cacc97c7d0f14f20eeab1cda mbs1/SRPMS/apache-mod_security-2.6.3-5.4.mbs1.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFTa2rxmqjQ0CJFipgRAv9cAKDDkwpqvpQKm/tJVJCrh1QkALEMygCgleax
ykAeFzQAZ3ZCzGCu3FjYMhA=
=9msu
-----END PGP SIGNATURE-----

Related

openvas 12
nessus 11
securityvulns 1
prion 1
debian 3
cve 1
ubuntucve 1
osv 1
mageia 1
amazon 2
debiancve 1
fedora 2
seebug 1
checkpoint_advisories 1
suse 1
openvas
openvas
Debian Security Advisory DSA 2991-1 (modsecurity-apache - security update)
2014-07-27 00:00:00
Fedora Update for mod_security FEDORA-2014-4720
2014-04-15 00:00:00
Amazon Linux: Security Advisory (ALAS-2014-334)
2015-09-08 00:00:00
nessus
nessus
Fedora 20 : mod_security-2.7.5-3.fc20 (2014-4633)
2014-04-15 00:00:00
Amazon Linux AMI : mod24_security (ALAS-2014-334)
2014-10-12 00:00:00
ModSecurity < 2.7.6 Chunked Header Filter Bypass
2014-05-12 00:00:00
securityvulns
securityvulns
Apache mod_security protection bypass
2014-05-10 00:00:00
prion
prion
Authentication flaw
2014-04-15 10:55:00
debian
debian
[SECURITY] [DSA 2991-1] modsecurity-apache security update
2014-07-27 17:53:46
[SECURITY] [DSA 2991-1] modsecurity-apache security update
2014-07-27 17:53:46
[DLA 34-1] libapache-mod-security security update
2014-08-09 13:56:43
cve
cve
CVE-2013-5705
2014-04-15 10:55:00
ubuntucve
ubuntucve
CVE-2013-5705
2014-04-15 00:00:00
osv
osv
modsecurity-apache - security update
2014-07-27 00:00:00
mageia
mageia
Updated apache-mod_security packages fix security vulnerability
2014-04-18 00:26:15
amazon
amazon
Medium: mod_security
2014-05-06 22:19:00
Medium: mod24_security
2014-05-06 22:19:00
debiancve
debiancve
CVE-2013-5705
2014-04-15 10:55:00
fedora
fedora
[SECURITY] Fedora 19 Update: mod_security-2.7.5-3.fc19
2014-04-14 22:33:53
[SECURITY] Fedora 20 Update: mod_security-2.7.5-3.fc20
2014-04-14 22:41:25
seebug
seebug
ModSecurity HTTP请求分块编码安全限制绕过漏洞
2014-04-02 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache2 PHP Component Chunked Transfer Encoding Policy Bypass (CVE-2013-5705; CVE-2018-17082)
2014-10-01 00:00:00
suse
suse
security issues addressed, most notably the mod_security heap overflow known as CVE-2014-0226 (important)
2014-08-07 23:04:14
JSON
Related for SECURITYVULNS:DOC:30709
openvas12nessus11securityvulns1prion1debian3cve1ubuntucve1osv1mageia1amazon2debiancve1fedora2seebug1checkpoint_advisories1suse1