CVE-2013-2765

NONE EPSS 96.0%
Published Jul 15, 2013 (12y ago) · Modified Jun 16, 2026 (2w ago)

Description

The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.

Threat Intelligence

EPSS Exploit Probability
96.0% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 5

Vendor      Product       Version   Range
trustwave   modsecurity   *         <2.7.4
apache      http_server   *         any
opensuse    opensuse      11.4      any
opensuse    opensuse      12.2      any
opensuse    opensuse      12.3      any

References 11

  • archives.neohapsis.com http://archives.neohapsis.com/archives/bugtraq/2013-05/0125.html
    Broken Link
  • lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2013-08/msg00020.html
    Mailing List, Third Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2013-08/msg00025.html
    Mailing List, Third Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2013-08/msg00031.html
    Mailing List, Third Party Advisory
  • sourceforge.net http://sourceforge.net/mailarchive/message.php?msg_id=30900019
    Third Party Advisory
  • modsecurity.org http://www.modsecurity.org/
    Vendor Advisory
  • shookalabs.com http://www.shookalabs.com/
    Third Party Advisory
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=967615
    Issue Tracking, Patch, Third Party Advisory
  • github.com https://github.com/SpiderLabs/ModSecurity/commit/0840b13612a0b7ef1ce7441cf811dcfc6b463fba
    Patch, Third Party Advisory
  • github.com https://github.com/shookalabs/exploits/blob/master/modsecurity_cve_2013_2765_check.py
    Exploit, Third Party Advisory
  • raw.github.com https://raw.github.com/SpiderLabs/ModSecurity/master/CHANGES
    Broken Link

Remediation

  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=967615
    Issue Tracking, Patch, Third Party Advisory
  • github.com https://github.com/SpiderLabs/ModSecurity/commit/0840b13612a0b7ef1ce7441cf811dcfc6b463fba
    Patch, Third Party Advisory