CVE-2013-2765

Related Files

Mandriva Linux Security Advisory 2013-187

Posted Jul 2, 2013

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-187 - When ModSecurity receives a request body with a size bigger than the value set by the SecRequestBodyInMemoryLimit and with a Content-Type that has no request body processor mapped to it, ModSecurity will systematically crash on every call to forceRequestBodyVariable (in phase 1).

tags | advisory

systems | linux, mandriva

advisories | CVE-2013-2765

SHA-256 | 8e9568efd15667c1287ddbf31ad02c896d6b93fac9ac4b3cc661e72f0dab2501

Download | Favorite | View

ModSecurity Remote Null Pointer Dereference

Posted May 29, 2013

Authored by Younes JAAIDI

When ModSecurity receives a request body with a size bigger than the value set by the "SecRequestBodyInMemoryLimit" and with a "Content-Type" that has no request body processor mapped to it, ModSecurity will systematically crash on every call to "forceRequestBodyVariable" (in phase 1). This is the proof of concept exploit. Versions prior to 2.7.4 are affected.

tags | exploit, proof of concept

advisories | CVE-2013-2765

SHA-256 | b4e14816e4c5cdc0de651f2cc750a97fa531e3a0c488cb71922a3bc534259845

Download | Favorite | View