mod_security protection bypass
updated since 06.03.2007
Published: 06.03.2007
Source:
SecurityVulns ID: 7354
Type: remote
Threat Level: 5/10
Description: Invalid handling of a NULL byte in POST form data makes it possible to bypass checks.
Affected: MODSECURITY : mod_security 2.1
CVE: CVE-2007-1359 (Interpretation conflict in ModSecurity (mod_security) 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ (0x00) byte, which mod_security treats as a terminator even though it is still processed as normal data by some HTTP parsers including PHP 5.2.0, and possibly parsers in Perl, and Python.)
Original document: PHP-SECURITY, BONUS-12-2007: mod_security POST Rules Bypass Vulnerability (06.03.2007)
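
The interpretation conflict described in the CVE text, as an added example that is not code from ModSecurity, PHP or the original advisory: a simplified model of one parser that stops at the first 0x00 byte and one that parses the body by its full length, plus a pre-filter check that rejects bodies containing a raw NUL. The function names, the `BLOCKED-TOKEN` rule marker and the sample bodies are constructed for illustration.

```python
from urllib.parse import parse_qsl

# Constructed stand-in for whatever pattern a request rule looks for.
RULE_MARKER = "BLOCKED-TOKEN"


def params_c_string_view(body: bytes):
    """Parameters seen by a parser that treats 0x00 as end-of-string."""
    visible = body.split(b"\x00", 1)[0]
    return parse_qsl(visible.decode("latin-1"), keep_blank_values=True)


def params_full_view(body: bytes):
    """Parameters seen by a parser that processes the body by length,
    so 0x00 is ordinary data and everything after it is still parsed."""
    return parse_qsl(body.decode("latin-1"), keep_blank_values=True)


def rule_matches(params) -> bool:
    """Toy request rule: fire if any parameter value contains the marker."""
    return any(RULE_MARKER in value for _, value in params)


def has_raw_nul(body: bytes) -> bool:
    """Defensive check: a urlencoded form body has no legitimate raw NUL,
    so rejecting it removes the ambiguity before any rule is evaluated."""
    return b"\x00" in body


def inspect(body: bytes) -> dict:
    """Compare what the filter and the backend each conclude about a body."""
    return {
        "filter_blocks": rule_matches(params_c_string_view(body)),
        "backend_sees_marker": rule_matches(params_full_view(body)),
        "rejected_by_nul_check": has_raw_nul(body),
    }


if __name__ == "__main__":
    samples = {  # constructed request bodies
        "clean": b"a=1&q=hello",
        "marker": b"a=1&q=BLOCKED-TOKEN",
        "marker after NUL": b"a=1\x00&q=BLOCKED-TOKEN",
    }
    for name, body in samples.items():
        print(f"{name:18} {inspect(body)}")
```

The third sample is the case the advisory covers: the two views disagree, and only the NUL check flags the request.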

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod