Vulnerabilities > CVE-2013-5705

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

trustwave

debian

nessus

NVD

Published: 2014-04-15

Updated: 2021-02-12

Summary

apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.

Vulnerable Configurations

Part	Description	Count
Application	Trustwave Trustwave Modsecurity 2.0.0 Trustwave Modsecurity 2.0.1 Trustwave Modsecurity 2.0.2 Trustwave Modsecurity 2.0.3 Trustwave Modsecurity 2.0.4 Trustwave Modsecurity 2.1.0 Trustwave Modsecurity 2.1.1 Trustwave Modsecurity 2.1.2 Trustwave Modsecurity 2.1.3 Trustwave Modsecurity 2.1.4 Trustwave Modsecurity 2.1.5 Trustwave Modsecurity 2.1.6 Trustwave Modsecurity 2.1.7 Trustwave Modsecurity 2.2.0 Trustwave Modsecurity 2.5.0 Trustwave Modsecurity 2.5.1 Trustwave Modsecurity 2.5.2 Trustwave Modsecurity 2.5.3 Trustwave Modsecurity 2.5.4 Trustwave Modsecurity 2.5.5 Trustwave Modsecurity 2.5.6 Trustwave Modsecurity 2.5.7 Trustwave Modsecurity 2.5.8 Trustwave Modsecurity 2.5.9 Trustwave Modsecurity 2.5.10 Trustwave Modsecurity 2.5.11 Trustwave Modsecurity 2.5.12 Trustwave Modsecurity 2.5.13 Trustwave Modsecurity 2.6.0 Trustwave Modsecurity 2.6.1 Trustwave Modsecurity 2.6.2 Trustwave Modsecurity 2.6.3 Trustwave Modsecurity 2.6.4 Trustwave Modsecurity 2.6.5 Trustwave Modsecurity 2.6.6 Trustwave Modsecurity 2.6.7 Trustwave Modsecurity 2.6.8 Trustwave Modsecurity 2.7.0 Trustwave Modsecurity 2.7.1 Trustwave Modsecurity 2.7.2 Trustwave Modsecurity 2.7.3 Trustwave Modsecurity 2.7.4 Trustwave Modsecurity 2.7.5	93
OS	Debian Debian Debian Linux 8.0 Debian Debian Linux 7.0	2

Nessus

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2014-501.NASL
description	This is apache2-mod_security2 update fixes the following security issue : - Specially drafted chunked http requests allow to bypass filters configured in mod_security2. This vulnerability is known as CVE-2013-5705 and was handled in bnc#871309.
last seen	2020-06-05
modified	2014-08-21
plugin id	77290
published	2014-08-21
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/77290
title	openSUSE Security Update : apache2-mod_security2 (openSUSE-SU-2014:1047-1)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2014-501. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(77290); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2013-5705"); script_name(english:"openSUSE Security Update : apache2-mod_security2 (openSUSE-SU-2014:1047-1)"); script_summary(english:"Check for the openSUSE-2014-501 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This is apache2-mod_security2 update fixes the following security issue : - Specially drafted chunked http requests allow to bypass filters configured in mod_security2. This vulnerability is known as CVE-2013-5705 and was handled in bnc#871309." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=871309" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2014-08/msg00034.html" ); script_set_attribute( attribute:"solution", value:"Update the affected apache2-mod_security2 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_security2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_security2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_security2-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1"); script_set_attribute(attribute:"patch_publication_date", value:"2014/08/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/21"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE12\.3\|SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3 / 13.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE12.3", reference:"apache2-mod_security2-2.7.5-2.10.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"apache2-mod_security2-debuginfo-2.7.5-2.10.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"apache2-mod_security2-debugsource-2.7.5-2.10.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"apache2-mod_security2-2.8.0-4.4.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"apache2-mod_security2-debuginfo-2.8.0-4.4.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"apache2-mod_security2-debugsource-2.8.0-4.4.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2-mod_security2 / apache2-mod_security2-debuginfo / etc"); }

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-2991.NASL
description	Martin Holst Swende discovered a flaw in the way chunked requests are handled in ModSecurity, an Apache module whose purpose is to tighten the Web application security. A remote attacker could use this flaw to bypass intended mod_security restrictions by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header, allowing to send requests containing content that should have been removed by mod_security.
last seen	2020-03-17
modified	2014-07-28
plugin id	76858
published	2014-07-28
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/76858
title	Debian DSA-2991-1 : modsecurity-apache - security update
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-2991. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(76858); script_version("1.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2013-5705"); script_bugtraq_id(66552); script_xref(name:"DSA", value:"2991"); script_name(english:"Debian DSA-2991-1 : modsecurity-apache - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Martin Holst Swende discovered a flaw in the way chunked requests are handled in ModSecurity, an Apache module whose purpose is to tighten the Web application security. A remote attacker could use this flaw to bypass intended mod_security restrictions by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header, allowing to send requests containing content that should have been removed by mod_security." ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/wheezy/modsecurity-apache" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2014/dsa-2991" ); script_set_attribute( attribute:"solution", value: "Upgrade the modsecurity-apache packages. For the stable distribution (wheezy), this problem has been fixed in version 2.6.6-6+deb7u2." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:modsecurity-apache"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0"); script_set_attribute(attribute:"patch_publication_date", value:"2014/07/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/28"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"7.0", prefix:"libapache-mod-security", reference:"2.6.6-6+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"libapache2-modsecurity", reference:"2.6.6-6+deb7u2")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2014-335.NASL
description	apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.
last seen	2020-06-01
modified	2020-06-02
plugin id	78278
published	2014-10-12
reporter	This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/78278
title	Amazon Linux AMI : mod_security (ALAS-2014-335)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2014-335. # include("compat.inc"); if (description) { script_id(78278); script_version("1.3"); script_cvs_date("Date: 2018/04/18 15:09:35"); script_cve_id("CVE-2013-5705"); script_xref(name:"ALAS", value:"2014-335"); script_name(english:"Amazon Linux AMI : mod_security (ALAS-2014-335)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header." ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2014-335.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update mod_security' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mlogc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mod_security"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mod_security-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2014/05/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) \|\| !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A\|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"mlogc-2.7.3-3.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"mod_security-2.7.3-3.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"mod_security-debuginfo-2.7.3-3.23.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mlogc / mod_security / mod_security-debuginfo"); }

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DLA-34.NASL
description	Martin Holst Swende discovered a flaw in the way mod_security handled chunked requests. A remote attacker could use this flaw to bypass intended mod_security restrictions, allowing them to send requests containing content that should have been removed by mod_security. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2015-03-26
plugin id	82182
published	2015-03-26
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/82182
title	Debian DLA-34-1 : libapache-mod-security security update
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-34-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(82182); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2013-5705"); script_bugtraq_id(66552); script_name(english:"Debian DLA-34-1 : libapache-mod-security security update"); script_summary(english:"Checks dpkg output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "Martin Holst Swende discovered a flaw in the way mod_security handled chunked requests. A remote attacker could use this flaw to bypass intended mod_security restrictions, allowing them to send requests containing content that should have been removed by mod_security. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2014/08/msg00008.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/squeeze-lts/libapache-mod-security" ); script_set_attribute(attribute:"solution", value:"Upgrade the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libapache-mod-security"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mod-security-common"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0"); script_set_attribute(attribute:"patch_publication_date", value:"2014/08/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/26"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"6.0", prefix:"libapache-mod-security", reference:"2.5.12-1+squeeze4")) flag++; if (deb_check(release:"6.0", prefix:"mod-security-common", reference:"2.5.12-1+squeeze4")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2014-4633.NASL
description	Fix Chunked string case sensitive issue (CVE-2013-5705, RHBZ #1082904 #1082905 #1082906) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2014-04-15
plugin id	73504
published	2014-04-15
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/73504
title	Fedora 20 : mod_security-2.7.5-3.fc20 (2014-4633)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2014-4633. # include("compat.inc"); if (description) { script_id(73504); script_version("1.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2013-5705"); script_bugtraq_id(66552); script_xref(name:"FEDORA", value:"2014-4633"); script_name(english:"Fedora 20 : mod_security-2.7.5-3.fc20 (2014-4633)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Fix Chunked string case sensitive issue (CVE-2013-5705, RHBZ #1082904 #1082905 #1082906) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1082904" ); # https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131375.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?865ca9d5" ); script_set_attribute( attribute:"solution", value:"Update the affected mod_security package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mod_security"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20"); script_set_attribute(attribute:"patch_publication_date", value:"2014/04/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/04/15"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^20([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC20", reference:"mod_security-2.7.5-3.fc20")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mod_security"); }

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2014-334.NASL
description	apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.
last seen	2020-06-01
modified	2020-06-02
plugin id	78277
published	2014-10-12
reporter	This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/78277
title	Amazon Linux AMI : mod24_security (ALAS-2014-334)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2014-334. # include("compat.inc"); if (description) { script_id(78277); script_version("1.3"); script_cvs_date("Date: 2018/04/18 15:09:35"); script_cve_id("CVE-2013-5705"); script_xref(name:"ALAS", value:"2014-334"); script_name(english:"Amazon Linux AMI : mod24_security (ALAS-2014-334)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header." ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2014-334.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update mod24_security' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mlogc24"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mod24_security"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mod24_security-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2014/05/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) \|\| !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A\|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"mlogc24-2.7.3-3.24.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"mod24_security-2.7.3-3.24.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"mod24_security-debuginfo-2.7.3-3.24.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mlogc24 / mod24_security / mod24_security-debuginfo"); }

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2014-081.NASL
description	Updated apache-mod_security packages fix security vulnerability : Martin Holst Swende discovered a flaw in the way mod_security handled chunked requests. A remote attacker could use this flaw to bypass intended mod_security restrictions, allowing them to send requests containing content that should have been removed by mod_security (CVE-2013-5705).
last seen	2020-06-01
modified	2020-06-02
plugin id	73932
published	2014-05-09
reporter	This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/73932
title	Mandriva Linux Security Advisory : apache-mod_security (MDVSA-2014:081)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2014-4720.NASL
description	Fix Chunked string case sensitive issue (CVE-2013-5705, RHBZ #1082904 #1082905 #1082906) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2014-04-15
plugin id	73507
published	2014-04-15
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/73507
title	Fedora 19 : mod_security-2.7.5-3.fc19 (2014-4720)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_APACHE2-MOD_SECURITY2-140807.NASL
description	This apache2-mod_security2 update fixes the following security issue : - bypass of intended rules via chunked requests (CVE-2013-5705). (bnc#871309)
last seen	2020-06-05
modified	2014-08-09
plugin id	77099
published	2014-08-09
reporter	This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/77099
title	SuSE 11.3 Security Update : apache2-mod_security2 (SAT Patch Number 9585)

NASL family	Firewalls
NASL id	MODSECURITY_2_7_6.NASL
description	According to its banner, the version of ModSecurity installed on the remote host is prior to 2.7.6. It is, therefore, potentially affected by a filter bypass vulnerability. A filter bypass vulnerability exists with
last seen	2020-06-01
modified	2020-06-02
plugin id	73962
published	2014-05-12
reporter	This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/73962
title	ModSecurity < 2.7.6 Chunked Header Filter Bypass

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2015-106.NASL
description	Updated apache-mod_security packages fix security vulnerability : Martin Holst Swende discovered a flaw in the way mod_security handled chunked requests. A remote attacker could use this flaw to bypass intended mod_security restrictions, allowing them to send requests containing content that should have been removed by mod_security (CVE-2013-5705).
last seen	2020-06-01
modified	2020-06-02
plugin id	82359
published	2015-03-30
reporter	This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/82359
title	Mandriva Linux Security Advisory : apache-mod_security (MDVSA-2015:106)

Seebug

bulletinFamily	exploit
description	CVE ID:CVE-2013-5705 ModSecurity是一个入侵侦测与防护引擎,它主要是用于Web应用程序,所以也被称为Web应用程序防火墙。 ModSecurity 2.7.6之前版本在"modsecurity_tx_init()"函数(apache2/modsecurity.c)的实现中存在错误，恶意用户通过分块编码的特制请求，利用此漏洞可绕过HTTP请求主体处理。 0 modsecurity modsecurity < 2.7.6 目前厂商已经发布了升级补丁以修复漏洞，请下载使用： http://sourceforge.net/projects/mod-security/
id	SSV:62035
last seen	2017-11-19
modified	2014-04-02
published	2014-04-02
reporter	Root
title	ModSecurity HTTP请求分块编码安全限制绕过漏洞

Vulnerabilities > CVE-2013-5705 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2013-5705"}]}

Summary

Vulnerable Configurations

Nessus

Seebug

References

Vulnerabilities > CVE-2013-5705