DSA-2991 modsecurity-apache - security update
|
Información sobre el sistema
|
|
|
Software afectado |
Debian |
Descripción
|
Martin Holst Swende discovered a flaw in the way chunked requests arehandled in ModSecurity, an Apache module whose purpose is to tighten theWeb application security. A remote attacker could use this flaw tobypass intended mod_security restrictions by using chunked transfercoding with a capitalized Chunked value in the Transfer-Encoding HTTPheader, allowing to send requests containing content that should havebeen removed by mod_security.
More info:
https://www.debian.org/security/2014/dsa-2991 |
Identificadores estándar
|
Propiedad |
Valor |
CVE |
CVE-2013-5705 and DSA-2991. |