
CVE-2007-1359

Published: 08/03/2007 Updated: 29/07/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Interpretation conflict in ModSecurity (mod_security) 2.1.0 and previous versions allows remote malicious users to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ (0x00) byte, which mod_security treats as a terminator even though it is still processed as normal data by some HTTP parsers, including PHP 5.2.0 and possibly parsers in Perl and Python.
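The interpretation conflict described above, as an added example that is not ModSecurity or PHP code: a simplified model of a filter that stops at the first raw 0x00 byte next to a backend parser that treats it as data, plus a fail-closed check. All function names, the `FORBIDDEN` marker rule and the sample bodies are hypothetical and constructed for illustration.

```python
from urllib.parse import unquote_to_bytes


def parse_form(body: bytes) -> dict:
    """Backend view: parse urlencoded bytes, treating 0x00 as ordinary data."""
    params = {}
    for pair in body.split(b"&"):
        if not pair:
            continue
        name, _, value = pair.partition(b"=")
        params[unquote_to_bytes(name.replace(b"+", b" "))] = unquote_to_bytes(
            value.replace(b"+", b" ")
        )
    return params


def parse_form_nul_terminated(body: bytes) -> dict:
    """Filter view (model): everything after the first raw 0x00 is never seen."""
    return parse_form(body.split(b"\x00", 1)[0])


def rule_hits(params: dict, marker: bytes = b"FORBIDDEN") -> bool:
    """Stand-in request rule: flag any parameter value containing the marker."""
    return any(marker in value for value in params.values())


def views_disagree(body: bytes) -> bool:
    """True when the filter and the backend would see different parameters."""
    return parse_form_nul_terminated(body) != parse_form(body)


def filter_allows(body: bytes, fail_closed: bool) -> bool:
    """Return True if the modeled filter lets the request body through."""
    if fail_closed and b"\x00" in body:
        return False  # reject instead of guessing how the backend will parse it
    return not rule_hits(parse_form_nul_terminated(body))


# Constructed sample bodies (not captured traffic).
CLEAN = b"user=alice&note=hello"
FLAGGED = b"user=alice&note=FORBIDDEN"
SPLIT = b"user=alice\x00&note=FORBIDDEN"  # the rule's target sits after the NUL
```

With `fail_closed=False` the modeled filter passes `SPLIT` even though the backend view still contains the flagged value; rejecting any body with a raw 0x00 removes the disagreement between the two parsers.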

Vulnerable Product

mod security mod security 1.7.4

mod security mod security 1.7.5

mod security mod security 1.7.1

mod security mod security 1.7.2

mod security mod security 1.9.4

mod security mod security 2.1

mod security mod security 1.7

Exploits

mod_security <= 2.1.0 (ASCIIZ byte) POST Rules Bypass Vulnerability
www.php-security.org/MOPB/BONUS-12-2007.html

Affected is mod_security <= 2.1.0

Detailed information

When mod_security receives a request it parses it into web application parameters in a way it believes is correct. Because the way it parses ...