ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a string index out of range error and worker-process crash for a Cookie: =abc header.
The product does not handle or incorrectly handles an exceptional condition.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Modsecurity | Trustwave | 3.0.0 (including) | 3.0.4 (excluding) |