CVE-2013-5705 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2013-5705

CWE

https://cwe.mitre.org/data/definitions/.html

apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.

Affected Software

Name	Vendor	Start Version	End Version
Modsecurity	Trustwave	*	2.7.6 (excluding)
Libapache-mod-security	Ubuntu	lucid	*
Libapache-mod-security	Ubuntu	upstream	*
Modsecurity-apache	Ubuntu	precise	*
Modsecurity-apache	Ubuntu	quantal	*
Modsecurity-apache	Ubuntu	saucy	*
Modsecurity-apache	Ubuntu	upstream	*

References

http://martin.swende.se/blog/HTTPChunked.html
http://www.debian.org/security/2014/dsa-2991
https://github.com/SpiderLabs/ModSecurity/commit/f8d441cd25172fdfe5b613442fedfc0da3cc333d