apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | mod24_security | 2014-05-06 22:19 | ALAS-2014-334 |
Amazon Linux 1 | mod_security | 2014-05-06 22:19 | ALAS-2014-335 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv2 | 5.0 | AV:N/AC:L/Au:N/C:N/I:P/A:N |
NVD | CVSSv2 | 5.0 | AV:N/AC:L/Au:N/C:N/I:P/A:N |