ID CVE-2013-2765
Summary The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
References
Vulnerable Configurations
  • ModSecurity 2.7.3
    cpe:2.3:a:modsecurity:modsecurity:2.7.3
  • ModSecurity 2.7.1
    cpe:2.3:a:modsecurity:modsecurity:2.7.1
  • ModSecurity 2.7.2
    cpe:2.3:a:modsecurity:modsecurity:2.7.2
  • ModSecurity 2.7.0
    cpe:2.3:a:modsecurity:modsecurity:2.7.0
  • ModSecurity 2.7.0 release candidate 3
    cpe:2.3:a:modsecurity:modsecurity:2.7.0:rc3
  • Apache Software Foundation Apache HTTP Server
    cpe:2.3:a:apache:http_server
CVSS
Base: 4.3 (as of 16-07-2013 - 10:11)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
exploit-db via4
description ModSecurity Remote Null Pointer Dereference. CVE-2013-2765. Dos exploits for multiple platform
id EDB-ID:25852
last seen 2016-02-03
modified 2013-05-31
published 2013-05-31
reporter Younes JAAIDI
source https://www.exploit-db.com/download/25852/
title ModSecurity Remote Null Pointer Dereference
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_9DFB63B88F3611E2B34D000C2957946C.NASL
    description SecurityFocus reports : When ModSecurity receives a request body with a size bigger than the value set by the 'SecRequestBodyInMemoryLimit' and with a 'Content-Type' that has no request body processor mapped to it, ModSecurity will systematically crash on every call to 'forceRequestBodyVariable'.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 66770
    published 2013-06-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66770
    title FreeBSD : www/mod_security -- NULL pointer dereference DoS (9dfb63b8-8f36-11e2-b34d-000c2957946c)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2013-187.NASL
    description Updated apache-mod_security packages fix security vulnerability : When ModSecurity receives a request body with a size bigger than the value set by the SecRequestBodyInMemoryLimit and with a Content-Type that has no request body processor mapped to it, ModSecurity will systematically crash on every call to forceRequestBodyVariable (in phase 1) (CVE-2013-2765).
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 67132
    published 2013-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67132
    title Mandriva Linux Security Advisory : apache-mod_security (MDVSA-2013:187)
  • NASL family Firewalls
    NASL id MODSECURITY_2_7_4.NASL
    description According to its banner, the version of ModSecurity installed on the remote host is earlier than 2.7.4. It is, therefore, potentially affected by a denial of service vulnerability. An error exists related to handling the action 'forceRequestBodyVariable' that could allow an HTTP request to cause a NULL pointer to be dereferenced and an application crash. Note that Nessus has not tested for this issue but has instead relied only on the version in the server's banner.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 67128
    published 2013-07-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67128
    title ModSecurity < 2.7.4 forceRequestBodyVariable Action Handling DoS
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_APACHE2-MOD_SECURITY2-130802.NASL
    description This update of mod_security2 fixed a NULL pointer dereference crash (CVE-2013-2765) and a memory issue (double free()). (bnc#822664)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 69787
    published 2013-09-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69787
    title SuSE 11.3 Security Update : apache2-mod_security2 (SAT Patch Number 8149)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS11_APACHE_20140731.NASL
    description The remote Solaris system is missing necessary patches to address security updates : - The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header. (CVE-2013-2765)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 80587
    published 2015-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80587
    title Oracle Solaris Third-Party Patch Update : apache (cve_2013_2765_denial_of)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-640.NASL
    description - complete overhaul of this package, with update to 2.7.5. - ruleset update to 2.2.8-0-g0f07cbb. - new configuration framework private to mod_security2: /etc/apache2/conf.d/mod_security2.conf loads /usr/share/apache2-mod_security2/rules/modsecurity_crs_1 0_setup.conf, then /etc/apache2/mod_security2.d/*.conf , as set up based on advice in /etc/apache2/conf.d/mod_security2.conf Your configuration starting point is /etc/apache2/conf.d/mod_security2.conf - !!! Please note that mod_unique_id is needed for mod_security2 to run! - modsecurity-apache_2.7.5-build_fix_pcre.diff changes erroneaous linker parameter, preventing rpath in shared object. - fixes contained for the following bugs : - CVE-2009-5031, CVE-2012-2751 [bnc#768293] request parameter handling - [bnc#768293] multi-part bypass, minor threat - CVE-2013-1915 [bnc#813190] XML external entity vulnerability - CVE-2012-4528 [bnc#789393] rule bypass - CVE-2013-2765 [bnc#822664] NULL pointer dereference crash - new from 2.5.9 to 2.7.5, only major changes : - GPLv2 replaced by Apache License v2 - rules are not part of the source tarball any longer, but maintaned upstream externally, and included in this package. - documentation was externalized to a wiki. Package contains the FAQ and the reference manual in html form. - renamed the term 'Encryption' in directives that actually refer to hashes. See CHANGES file for more details. - new directive SecXmlExternalEntity, default off - byte conversion issues on s390x when logging fixed. - many small issues fixed that were discovered by a Coverity scanner - updated reference manual - wrong time calculation when logging for some timezones fixed. - replaced time-measuring mechanism with finer granularity for measured request/answer phases. (Stopwatch remains for compat.) - cookie parser memory leak fix - parsing of quoted strings in multipart Content-Disposition headers fixed. - SDBM deadlock fix - @rsub memory leak fix - cookie separator code improvements - build failure fixes - compile time option --enable-htaccess-config (set)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75112
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75112
    title openSUSE Security Update : apache2-mod_security2 (openSUSE-SU-2013:1336-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-641.NASL
    description - complete overhaul of this package, with update to 2.7.5. - ruleset update to 2.2.8-0-g0f07cbb. - new configuration framework private to mod_security2: /etc/apache2/conf.d/mod_security2.conf loads /usr/share/apache2-mod_security2/rules/modsecurity_crs_1 0_setup.conf, then /etc/apache2/mod_security2.d/*.conf , as set up based on advice in /etc/apache2/conf.d/mod_security2.conf Your configuration starting point is /etc/apache2/conf.d/mod_security2.conf - !!! Please note that mod_unique_id is needed for mod_security2 to run! - modsecurity-apache_2.7.5-build_fix_pcre.diff changes erroneaous linker parameter, preventing rpath in shared object. - fixes contained for the following bugs : - CVE-2009-5031, CVE-2012-2751 [bnc#768293] request parameter handling - [bnc#768293] multi-part bypass, minor threat - CVE-2013-1915 [bnc#813190] XML external entity vulnerability - CVE-2012-4528 [bnc#789393] rule bypass - CVE-2013-2765 [bnc#822664] NULL pointer dereference crash - new from 2.5.9 to 2.7.5, only major changes : - GPLv2 replaced by Apache License v2 - rules are not part of the source tarball any longer, but maintaned upstream externally, and included in this package. - documentation was externalized to a wiki. Package contains the FAQ and the reference manual in html form. - renamed the term 'Encryption' in directives that actually refer to hashes. See CHANGES file for more details. - new directive SecXmlExternalEntity, default off - byte conversion issues on s390x when logging fixed. - many small issues fixed that were discovered by a Coverity scanner - updated reference manual - wrong time calculation when logging for some timezones fixed. - replaced time-measuring mechanism with finer granularity for measured request/answer phases. (Stopwatch remains for compat.) - cookie parser memory leak fix - parsing of quoted strings in multipart Content-Disposition headers fixed. - SDBM deadlock fix - @rsub memory leak fix - cookie separator code improvements - build failure fixes - compile time option --enable-htaccess-config (set)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75113
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75113
    title openSUSE Security Update : apache2-mod_security2 (openSUSE-SU-2013:1331-1)
packetstorm via4
data source https://packetstormsecurity.com/files/download/121815/modsecurity_cve_2013_2765_check.py.txt
id PACKETSTORM:121815
last seen 2016-12-05
published 2013-05-29
reporter Younes JAAIDI
source https://packetstormsecurity.com/files/121815/ModSecurity-Remote-Null-Pointer-Dereference.html
title ModSecurity Remote Null Pointer Dereference
refmap via4
bugtraq 20130528 [SECURITY][CVE-2013-2765][ModSecurity] Remote Null Pointer Dereference
confirm
misc
mlist [mod-security-users] 20130527 Availability of ModSecurity 2.7.4 Stable Release
suse
  • openSUSE-SU-2013:1331
  • openSUSE-SU-2013:1336
  • openSUSE-SU-2013:1342
the hacker news via4
id THN:D432F92440C3CAC9BE8F70DBE9981F6F
last seen 2017-01-08
modified 2013-05-29
published 2013-05-29
reporter Mohit Kumar
source http://thehackernews.com/2013/05/upgrade-modsecurity-to-version-274-for.html
title Upgrade ModSecurity to version 2.7.4 for fixing Denial of Service Vulnerability
Last major update 18-11-2013 - 23:47
Published 15-07-2013 - 11:55
Back to Top