CVE-2013-5705

NONE
Published Apr 15, 201412y ago · Modified Jun 16, 20262w ago
Find Similar
Published Apr 15, 2014 12y ago
Last Modified Jun 16, 2026 2w ago

Description

apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
Public Exploit Known
Patch Available

Affected Products 3

VendorProductVersionRange
trustwavemodsecurity* <2.7.6
debiandebian_linux7.0any
debiandebian_linux8.0any

References 3

  • martin.swende.se http://martin.swende.se/blog/HTTPChunked.html
    ExploitThird Party Advisory
  • debian.org http://www.debian.org/security/2014/dsa-2991
    Third Party Advisory
  • github.com https://github.com/SpiderLabs/ModSecurity/commit/f8d441cd25172fdfe5b613442fedfc0da3cc333d
    PatchThird Party Advisory

Remediation

  • github.com https://github.com/SpiderLabs/ModSecurity/commit/f8d441cd25172fdfe5b613442fedfc0da3cc333d
    PatchThird Party Advisory