#VU41813 Permissions, Privileges, and Access Controls in ModSecurity - CVE-2013-5705

Cybersecurity Help s.r.o.

Published: 2014-04-15 | Updated: 2020-08-10

Vulnerability identifier: #VU41813

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2013-5705

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
ModSecurity
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: Trustwave

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.

Mitigation
Install update from vendor's website.

Vulnerable software versions

ModSecurity: 2.0.0 - 2.0.4, 2.1.0 - 2.1.6, 2.5.0 - 2.5.13, 2.6.0 - 2.6.8, 2.7.0 - 2.7.4

External links
https://martin.swende.se/blog/HTTPChunked.html
https://www.debian.org/security/2014/dsa-2991
https://github.com/SpiderLabs/ModSecurity/commit/f8d441cd25172fdfe5b613442fedfc0da3cc333d

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Amazon Linux AMI update for mod_security

Amazon Linux AMI update for mod24_security

Permissions, Privileges, and Access Controls in Trustwave ModSecurity