apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.
                
            References
                    | Link | Resource | 
|---|---|
| http://martin.swende.se/blog/HTTPChunked.html | Exploit Third Party Advisory | 
| http://www.debian.org/security/2014/dsa-2991 | Third Party Advisory | 
| https://github.com/SpiderLabs/ModSecurity/commit/f8d441cd25172fdfe5b613442fedfc0da3cc333d | Patch Third Party Advisory | 
| http://martin.swende.se/blog/HTTPChunked.html | Exploit Third Party Advisory | 
| http://www.debian.org/security/2014/dsa-2991 | Third Party Advisory | 
| https://github.com/SpiderLabs/ModSecurity/commit/f8d441cd25172fdfe5b613442fedfc0da3cc333d | Patch Third Party Advisory | 
Configurations
                    History
                    21 Nov 2024, 01:57
| Type | Values Removed | Values Added | 
|---|---|---|
| References | () http://martin.swende.se/blog/HTTPChunked.html - Exploit, Third Party Advisory | |
| References | () http://www.debian.org/security/2014/dsa-2991 - Third Party Advisory | |
| References | () https://github.com/SpiderLabs/ModSecurity/commit/f8d441cd25172fdfe5b613442fedfc0da3cc333d - Patch, Third Party Advisory | 
Information
                Published : 2014-04-15 10:55
Updated : 2025-04-12 10:46
NVD link : CVE-2013-5705
Mitre link : CVE-2013-5705
CVE.ORG link : CVE-2013-5705
JSON object : View
Products Affected
                debian
- debian_linux
trustwave
- modsecurity
CWE
                