CVE-2013-2765

Published: 15 July 2013

The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.

Priority

Status

Package	Release	Status
modsecurity-apache Launchpad, Ubuntu, Debian	lucid	Does not exist
	precise	Does not exist (precise was needed)
	trusty	Not vulnerable (2.7.7-2)
	upstream	Released (2.7.4)
	wily	Not vulnerable
	xenial	Not vulnerable
	yakkety	Not vulnerable
	zesty	Not vulnerable
	Patches: upstream: https://github.com/SpiderLabs/ModSecurity/commit/0840b13612a0b7ef1ce7441cf811dcfc6b463fba

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2765
https://raw.github.com/SpiderLabs/ModSecurity/master/CHANGES
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710217

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›