Debian Security Advisory
DLA-34-1 libapache-mod-security -- LTS security update
- Date Reported: 09 Aug 2014
- Affected Packages: libapache-mod-security
- Vulnerable: Yes
- Security database references: In Mitre's CVE dictionary: CVE-2013-5705.
- More information:
Martin Holst Swende discovered a flaw in the way mod_security handled chunked requests. A remote attacker could use this flaw to bypass intended mod_security restrictions, allowing them to send requests containing content that should have been removed by mod_security.
For Debian 6 Squeeze, these issues have been fixed in libapache-mod-security version 2.5.12-1+squeeze4.