CVE-2013-5705
NONE
Published Apr 15, 201412y ago · Modified Jun 16, 20262w ago
Published Apr 15, 2014 12y ago
Last Modified Jun 16, 2026 2w ago
Description
apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.
Threat Intelligence
No active exploitation signals — not in CISA KEV and no EPSS score yet.
Exploit & Patch Status
Public Exploit Known
Patch Available
Affected Products 3
References 3
- martin.swende.se http://martin.swende.se/blog/HTTPChunked.html
- debian.org http://www.debian.org/security/2014/dsa-2991
- github.com https://github.com/SpiderLabs/ModSecurity/commit/f8d441cd25172fdfe5b613442fedfc0da3cc333d
Remediation
- github.com https://github.com/SpiderLabs/ModSecurity/commit/f8d441cd25172fdfe5b613442fedfc0da3cc333d