Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Date: Tue May 28 2013 - 16:02:13 CDT
CVE Number: CVE-2013-2765 / ModSecurity Remote Null Pointer Dereference
When ModSecurity receives a request body with a size bigger than the
value set by the "SecRequestBodyInMemoryLimit" and with a
"Content-Type" that has no request body processor mapped to it,
ModSecurity will systematically crash on every call to
"forceRequestBodyVariable" (in phase 1).
In addition to the segfault that occurs here, ModSecurity will not
remove the temporary request body file and the temporary directory
(set by the "SecTmpDir" directive) will keep growing until saturation.
Details : http://www.shookalabs.com/#advisory-cve-2013-2765
Exploit : https://github.com/shookalabs/exploits/blob/master/modsecurity_cve_2013_2765_check.py
Solution : Upgrade to 2.7.4 https://www.modsecurity.org