Summary
This host is running ModSecurity and is prone to a security bypass vulnerability.
Impact
Successful exploitation will allow an attacker to execute arbitrary code in the context of the web application and bypass certain security restrictions.
Solution
Upgrade to version 2.5.6 or later.
http://www.modsecurity.org/download/
Insight
This flaw is due to an error within the transformation caching, which can allow evasion of ModSecurity. It can be exploited when SecCacheTransformations is enabled.
Affected
ModSecurity versions 2.5.0 to 2.5.5 on Linux.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2008-5676
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Apache Tomcat Session Fixation Vulnerability (Windows)
- Acritum Femitter Server URI Directory Traversal Vulnerability
- CA ARCserver D2D GWT RPC Request Multiple Vulnerabilities
- IBM WebSphere Application Server Administration Console DoS vulnerability
- HttpBlitz Server HTTP Request Remote Denial of Service Vulnerability