CVE-2007-1359

by Fred · 08/03/2007

Interpretation conflict in ModSecurity (mod_security) 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ (0x00) byte, which mod_security treats as a terminator even though it is still processed as normal data by some HTTP parsers including PHP 5.2.0, and possibly parsers in Perl, and Python.

Date published : 2007-03-08

http://www.securityfocus.com/bid/22831

http://www.modsecurity.org/blog/archives/2007/03/modsecurity_asc.html

CVE-2007-1359

Similar

Recent Posts

Categories

CVE-2007-1359

Share this:

Similar

Recent Posts

Categories

Tags