Trustwave ModSecurity 2.7.0/2.7.1/2.7.2/2.7.3 forceRequestBodyVariable null pointer dereference
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.7 | $0-$5k | 0.00 |
Summary
A vulnerability classified as critical was found in Trustwave ModSecurity 2.7.0/2.7.1/2.7.2/2.7.3. Impacted is an unknown function. The manipulation of the argument forceRequestBodyVariable results in null pointer dereference. This vulnerability is cataloged as CVE-2013-2765. Furthermore, there is an exploit available. Upgrading the affected component is advised.
Details
A vulnerability, which was classified as critical, was found in Trustwave ModSecurity 2.7.0/2.7.1/2.7.2/2.7.3. Affected is an unknown function. The manipulation of the argument forceRequestBodyVariable with an unknown input leads to a null pointer dereference vulnerability. CWE is classifying the issue as CWE-476. A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. This is going to have an impact on availability. CVE summarizes:
The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
The weakness was shared 05/10/2013 by Jan Lieskovsky with Red Hat Security Response Team as confirmed mailinglist post (oss-sec). The advisory is shared for download at seclists.org. This vulnerability is traded as CVE-2013-2765 since 04/07/2013. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. Technical details and a public exploit are known.
A public exploit has been developed by Younes JAAIDI and been published 3 weeks after the advisory. The exploit is shared for download at exploit-db.com. It is declared as proof-of-concept. The vulnerability scanner Nessus provides a plugin with the ID 67132 (Mandriva Linux Security Advisory : apache-mod_security (MDVSA-2013:187)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Mandriva Local Security Checks. The commercial vulnerability scanner Qualys is able to test this issue with plugin 166401 (OpenSuSE Security Update for apache2-mod_security2 (openSUSE-SU-2013:1342-1)).
Upgrading to version 2.7.4 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (84544), Exploit-DB (25852), Tenable (67132), SecurityFocus (BID 60182†) and OSVDB (93687†). The entries VDB-6798, VDB-8160, VDB-8314 and VDB-22887 are related to this item. VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Vendor
Name
Version
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.5VulDB Meta Temp Score: 6.7
VulDB Base Score: 7.5
VulDB Temp Score: 6.7
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Null pointer dereferenceCWE: CWE-476 / CWE-404
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Author: Younes JAAIDI
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 67132
Nessus Name: Mandriva Linux Security Advisory : apache-mod_security (MDVSA-2013:187)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Port: 🔍
OpenVAS ID: 865688
OpenVAS Name: Fedora Update for mod_security FEDORA-2013-9518
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Exploit Delay Time: 🔍
Upgrade: ModSecurity 2.7.4
Timeline
04/07/2013 🔍05/10/2013 🔍
05/10/2013 🔍
05/10/2013 🔍
05/27/2013 🔍
05/28/2013 🔍
05/29/2013 🔍
05/29/2013 🔍
05/31/2013 🔍
07/03/2013 🔍
07/08/2013 🔍
07/15/2013 🔍
12/15/2024 🔍
Sources
Advisory: seclists.orgResearcher: Jan Lieskovsky
Organization: Red Hat Security Response Team
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2013-2765 (🔍)
GCVE (CVE): GCVE-0-2013-2765
GCVE (VulDB): GCVE-100-8904
OVAL: 🔍
X-Force: 84544
SecurityFocus: 60182 - ModSecurity CVE-2013-2765 NULL Pointer Dereference Remote Denial of Service Vulnerability
Secunia: 53535 - ModSecurity "forceRequestBodyVariable" NULL Pointer Dereference Vulnerability, Moderately Critical
OSVDB: 93687
Vulnerability Center: 40365 - ModSecurity <2.7.4 'forceRequestBodyVariable\x27 Null Pointer Dereference Allows Remote DoS, Medium
scip Labs: https://www.scip.ch/en/?labs.20130913
See also: 🔍
Entry
Created: 05/29/2013 11:34Updated: 12/15/2024 17:47
Changes: 05/29/2013 11:34 (85), 05/05/2017 08:46 (7), 05/14/2021 08:36 (3), 12/15/2024 17:47 (14)
Complete: 🔍
Committer:
Cache ID: 216:6FE:103
VulDB is the best source for vulnerability data and more expert information about this specific topic.
No comments yet. Languages: en.
Please log in to comment.