CVE Vulnerabilities

CVE-2007-1359

Published: Mar 08, 2007 | Modified: Jul 29, 2017
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 6.8 MEDIUM (AV:N/AC:M/Au:N/C:P/I:P/A:P)
RedHat/V2
RedHat/V3
Ubuntu: LOW

Interpretation conflict in ModSecurity (mod_security) 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ (0x00) byte, which mod_security treats as a terminator even though it is still processed as normal data by some HTTP parsers, including PHP 5.2.0 and possibly parsers in Perl and Python.
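The conflict described above can be modelled as a check that compares what a NUL-terminating filter inspects with what a length-aware form parser sees. This is an added example, not code from ModSecurity or from this advisory; the function names and the sample body are constructed for illustration.

```python
from urllib.parse import unquote_to_bytes


def parse_form(body: bytes) -> list[tuple[bytes, bytes]]:
    """Length-aware parse of application/x-www-form-urlencoded data."""
    pairs = []
    for field in body.split(b"&"):
        if not field:
            continue
        name, _, value = field.partition(b"=")
        pairs.append((
            unquote_to_bytes(name.replace(b"+", b" ")),
            unquote_to_bytes(value.replace(b"+", b" ")),
        ))
    return pairs


def nul_terminated_view(body: bytes) -> bytes:
    """What a filter sees if it treats the body as a C string (stops at 0x00)."""
    return body.split(b"\x00", 1)[0]


def uninspected_params(body: bytes) -> list[tuple[bytes, bytes]]:
    """Pairs the length-aware parser yields that the truncated view never contained."""
    seen = parse_form(nul_terminated_view(body))
    return [pair for pair in parse_form(body) if pair not in seen]


def should_reject(body: bytes) -> bool:
    """Valid urlencoded form data percent-encodes every byte outside its safe set,
    so a raw 0x00 is never legitimate and the request can be refused outright."""
    return b"\x00" in body


# Constructed sample body: a raw NUL sits in front of a second parameter.
SAMPLE = b"name=alice\x00&comment=not-seen-by-filter"

if __name__ == "__main__":
    print("filter inspects :", parse_form(nul_terminated_view(SAMPLE)))
    print("backend parses  :", parse_form(SAMPLE))
    print("never inspected :", uninspected_params(SAMPLE))
    print("reject request  :", should_reject(SAMPLE))
```

Rejecting on the raw byte before any rule evaluation removes the disagreement, whichever way the backend parser behaves.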

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mod_security | Mod_security | 1.7 (including) | 1.7 (including) |
| Mod_security | Mod_security | 1.7.1 (including) | 1.7.1 (including) |
| Mod_security | Mod_security | 1.7.2 (including) | 1.7.2 (including) |
| Mod_security | Mod_security | 1.7.4 (including) | 1.7.4 (including) |
| Mod_security | Mod_security | 1.7.5 (including) | 1.7.5 (including) |
| Mod_security | Mod_security | 1.9.4 (including) | 1.9.4 (including) |
| Mod_security | Mod_security | 2.1 (including) | 2.1 (including) |
| Libapache-mod-security | Ubuntu | dapper | * |
| Libapache-mod-security | Ubuntu | edgy | * |
| Libapache-mod-security | Ubuntu | upstream | * |
