FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

www/mod_security -- NULL pointer dereference DoS

Affected packages
mod_security < 2.7.3

Details

VuXML ID 9dfb63b8-8f36-11e2-b34d-000c2957946c
Discovery 2013-05-27
Entry 2013-06-03

SecurityFocus reports:

When ModSecurity receives a request body with a size bigger than the value set by the "SecRequestBodyInMemoryLimit" and with a "Content-Type" that has no request body processor mapped to it, ModSecurity will systematically crash on every call to "forceRequestBodyVariable".

[source]

References

CVE Name CVE-2013-2765
URL https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2765

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.