• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Mod_Security ASCIIZ Byte POST Bypass Vulnerability

Bugtraq ID:	22831
Class:	Input Validation Error
CVE:	CVE-2007-1359
Remote:	Yes
Local:	No
Published:	Mar 06 2007 12:00AM
Updated:	Jul 15 2008 11:09PM
Credit:	Stefan Esser disclosed this issue.
Vulnerable:	Oracle Oracle10g Application Server 10.1.3 .3.0 Oracle Oracle10g Application Server 10.1.3 .2.0 Oracle Oracle10g Application Server 10.1.3 .1.0 Oracle Oracle10g Application Server 10.1.3 .0.0 Oracle Oracle10g Application Server 10.1.2 .2.0 Oracle Oracle10g Application Server 10.1.2 Oracle Oracle10g Application Server 10.1.2.3.0 Oracle Application Server Release 2 10.1.2 .0.0 Oracle Application Server 10g 10.1.2 mod_security mod_security 2.1 mod_security mod_security 1.9.4 mod_security mod_security 1.7.5 mod_security mod_security 1.7.4 mod_security mod_security 1.7.2 mod_security mod_security 1.7.1 mod_security mod_security 1.7 Gentoo Linux
Not Vulnerable:	mod_security mod_security 2.1.1