Vulnerability in Trustwave Modsecurity
CVE-2013-5705
apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.
EPSS: 0.008 (75.1th percentile) — read the EPSS interpretation.
Affected products
- Trustwave Modsecurity
- Debian Debian_linux — versions 7.0, 8.0
- N/a — versions n/a
References
- cve@mitre.org (x_refsource_CONFIRM, Patch, Third Party Advisory)
- DSA-2991 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
- cve@mitre.org (Exploit, Third Party Advisory, x_refsource_MISC)