CVE-2007-1359
CVE-2007-1359
Interpretation conflict in ModSecurity (mod_security) 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ (0x00) byte, which mod_security treats as a terminator even though it is still processed as normal data by some HTTP parsers including PHP 5.2.0, and possibly parsers in Perl, and Python.
Productos afectados
n/a · n/aPoCs públicas encontradas — 1
exploitdbwww.exploit-db.com/exploits/3425no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143http://secunia.com/advisories/24373http://secunia.com/advisories/25316http://secunia.com/advisories/31087http://secunia.com/advisories/31113https://exchange.xforce.ibmcloud.com/vulnerabilities/32872http://www.gentoo.org/security/en/glsa/glsa-200705-17.xmlhttp://www.modsecurity.org/blog/archives/2007/03/modsecurity_asc.htmlhttp://www.oracle.com/technetwork/topics/security/cpujul2008-090335.htmlhttp://www.osvdb.org/32778http://www.php-security.org/MOPB/BONUS-12-2007.htmlhttp://www.securityfocus.com/bid/22831