Debian Security Advisory

DLA-34-1 libapache-mod-security -- LTS security update

Date Reported:
09 Aug 2014
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2013-5705.
More information:

Martin Holst Swende discovered a flaw in the way mod_security handled chunked requests. A remote attacker could use this flaw to bypass intended mod_security restrictions, allowing them to send requests containing content that should have been removed by mod_security.

For Debian 6 Squeeze, these issues have been fixed in libapache-mod-security version 2.5.12-1+squeeze4