CVE-2013-2765
NONE EPSS 96.0%
Published Jul 15, 2013 12y ago
Last Modified Jun 16, 2026 2w ago
Description
The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
Threat Intelligence
EPSS Exploit Probability
96.0% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-476 NULL Pointer Dereference Memory Safety
Affected Products 5
References 11
- archives.neohapsis.com http://archives.neohapsis.com/archives/bugtraq/2013-05/0125.html
- lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2013-08/msg00020.html
- lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2013-08/msg00025.html
- lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2013-08/msg00031.html
- sourceforge.net http://sourceforge.net/mailarchive/message.php?msg_id=30900019
- modsecurity.org http://www.modsecurity.org/
- shookalabs.com http://www.shookalabs.com/
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=967615
- github.com https://github.com/SpiderLabs/ModSecurity/commit/0840b13612a0b7ef1ce7441cf811dcfc6b463fba
- github.com https://github.com/shookalabs/exploits/blob/master/modsecurity_cve_2013_2765_check.py
- raw.github.com https://raw.github.com/SpiderLabs/ModSecurity/master/CHANGES
Remediation
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=967615
- github.com https://github.com/SpiderLabs/ModSecurity/commit/0840b13612a0b7ef1ce7441cf811dcfc6b463fba