CVE-2007-1359

Interpretation conflict in ModSecurity (mod_security) 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ (0x00) byte, which mod_security treats as a terminator even though it is still processed as normal data by some HTTP parsers, including PHP 5.2.0 and possibly parsers in Perl and Python.

Configurations

Configuration 1

cpe:2.3:a:mod_security:mod_security:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:mod_security:mod_security:2.1:*:*:*:*:*:*:*
cpe:2.3:a:mod_security:mod_security:1.7:*:*:*:*:*:*:*
cpe:2.3:a:mod_security:mod_security:1.7.2:*:*:*:*:*:*:*
cpe:2.3:a:mod_security:mod_security:1.9.4:*:*:*:*:*:*:*
cpe:2.3:a:mod_security:mod_security:1.7.5:*:*:*:*:*:*:*
cpe:2.3:a:mod_security:mod_security:1.7.4:*:*:*:*:*:*:*

Information

Published : 2007-03-08 10:19

Updated : 2017-07-29 01:30


NVD link : CVE-2007-1359

Mitre link : CVE-2007-1359

Products Affected
No products.