ModSecurity 'mod_headers' module Security Bypass Vulnerability

Bugtraq ID: 66550
Class: Input Validation Error
CVE: CVE-2013-5704
Remote: Yes
Local: No
Published: Mar 31 2014 12:00AM
Updated: Jul 06 2016 03:06PM
Credit: Martin Holst Swende
Vulnerable: Ubuntu Ubuntu Linux 12.04 LTS i386
Ubuntu Ubuntu Linux 12.04 LTS amd64
Ubuntu Ubuntu Linux 10.04 sparc
Ubuntu Ubuntu Linux 10.04 powerpc
Ubuntu Ubuntu Linux 10.04 i386
Ubuntu Ubuntu Linux 10.04 ARM
Ubuntu Ubuntu Linux 10.04 amd64
Slackware Slackware Linux 13.37
Slackware Slackware Linux 13.0
Red Hat Enterprise Linux Workstation 6
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux HPC Node Optional 6
Red Hat Enterprise Linux HPC Node 6
Red Hat Enterprise Linux Desktop Optional 6
Red Hat Enterprise Linux Desktop 6
Oracle Enterprise Manager Ops Center 11.1
IBM WebSphere Application Server for z/OS 7.0.0.20
IBM Websphere Application Server 8.0 2
IBM Websphere Application Server 7.0 3
IBM Websphere Application Server 7.0 21
IBM Websphere Application Server 7.0 .9
IBM Websphere Application Server 7.0 .8
IBM Websphere Application Server 7.0 .2
IBM Websphere Application Server 7.0 .13
IBM Websphere Application Server 7.0 .12
IBM Websphere Application Server 7.0 .11
IBM Websphere Application Server 6.1 41
IBM Websphere Application Server 6.1 .9
IBM Websphere Application Server 6.1 .8
IBM Websphere Application Server 6.1 .7
IBM Websphere Application Server 6.1 .6
IBM Websphere Application Server 6.1 .5
IBM Websphere Application Server 6.1 .4
IBM Websphere Application Server 6.1 .33
IBM Websphere Application Server 6.1 .32
IBM Websphere Application Server 6.1 .3
IBM Websphere Application Server 6.1 .25
IBM Websphere Application Server 6.1 .23
IBM Websphere Application Server 6.1 .22
IBM Websphere Application Server 6.1 .21
IBM Websphere Application Server 6.1 .20
IBM Websphere Application Server 6.1 .2
IBM Websphere Application Server 6.1 .19
IBM Websphere Application Server 6.1 .18
IBM Websphere Application Server 6.1 .17
IBM Websphere Application Server 6.1 .15
IBM Websphere Application Server 6.1 .14
IBM Websphere Application Server 6.1 .13
IBM Websphere Application Server 6.1 .12
IBM Websphere Application Server 6.1 .11
IBM Websphere Application Server 6.1 .10
IBM Websphere Application Server 6.1 .1
IBM Websphere Application Server 6.1
IBM Websphere Application Server 6.0.2 .9
IBM Websphere Application Server 6.0.2 .7
IBM Websphere Application Server 6.0.2 .5
IBM Websphere Application Server 6.0.2 .39
IBM Websphere Application Server 6.0.2 .35
IBM Websphere Application Server 6.0.2 .33
IBM Websphere Application Server 6.0.2 .31
IBM Websphere Application Server 6.0.2 .3
IBM Websphere Application Server 6.0.2 .29
IBM Websphere Application Server 6.0.2 .27
IBM Websphere Application Server 6.0.2 .25
IBM Websphere Application Server 6.0.2 .24
IBM Websphere Application Server 6.0.2 .23
IBM Websphere Application Server 6.0.2 .22
IBM Websphere Application Server 6.0.2 .21
IBM Websphere Application Server 6.0.2 .17
IBM Websphere Application Server 6.0.2 .15
IBM Websphere Application Server 6.0.2 .13
IBM Websphere Application Server 6.0.2 .11
IBM Websphere Application Server 6.0.2 .1
IBM Websphere Application Server 6.0.2
IBM Websphere Application Server 8.0.0.4
IBM Websphere Application Server 8.0.0.1
IBM Websphere Application Server 8.0.0.0
IBM Websphere Application Server 8.0
IBM Websphere Application Server 7.0.0.7
IBM Websphere Application Server 7.0.0.6
IBM Websphere Application Server 7.0.0.5
IBM Websphere Application Server 7.0.0.4
IBM Websphere Application Server 7.0.0.23
IBM Websphere Application Server 7.0.0.19
IBM Websphere Application Server 7.0.0.17
IBM Websphere Application Server 7.0.0.15
IBM Websphere Application Server 7.0.0.14
IBM Websphere Application Server 7.0.0.13
IBM Websphere Application Server 7.0.0.1
IBM Websphere Application Server 7.0.0.0
IBM Websphere Application Server 6.1.0.45
IBM Websphere Application Server 6.1.0.43
IBM Websphere Application Server 6.1.0.39
IBM Websphere Application Server 6.1.0.37
IBM Websphere Application Server 6.1.0.35
IBM Websphere Application Server 6.1.0.34
IBM Websphere Application Server 6.1.0.33
IBM Websphere Application Server 6.1.0.31
IBM Websphere Application Server 6.1.0.29
IBM Websphere Application Server 6.1.0.27
IBM Websphere Application Server 6.0.2.43
IBM Websphere Application Server 6.0.2.41
IBM Websphere Application Server 6.0.2.19
IBM Websphere Application Server 6.0.2 Fix Pack 17
IBM HTTP Server 7.0 .11
IBM HTTP Server 6.1 .31
IBM HTTP Server 6.1 .27
IBM HTTP Server 6.1 .25
IBM HTTP Server 6.1 .19
IBM HTTP Server 6.1 .17
IBM HTTP Server 6.1 .15
IBM HTTP Server 6.0.2 .41
IBM HTTP Server 6.0.2 .35
IBM HTTP Server 6.0.2 .33
IBM HTTP Server 6.0.2 .27
IBM HTTP Server 6.0.2 .13
IBM HTTP Server 6.0.2
IBM HTTP Server 8.0.0.1
IBM HTTP Server 8.0
IBM HTTP Server 7.0.0.5
IBM HTTP Server 7.0.0.21
IBM HTTP Server 7.0.0.19
IBM HTTP Server 7.0.0.17
IBM HTTP Server 7.0.0.15
IBM HTTP Server 7.0.0.13
IBM HTTP Server 7.0
IBM HTTP Server 6.1.0.39
IBM HTTP Server 6.1.0.37
IBM HTTP Server 6.1.0.35
IBM HTTP Server 6.1.0.13
IBM HTTP Server 6.1.0.1
IBM HTTP Server 6.1.0
IBM HTTP Server 6.0.2.43
IBM HTTP Server 6.0.2.23
IBM HTTP Server 6.0.2.19
IBM HTTP Server 6.0.2.12
HP HP-UX B.11.31
Avaya Aura Experience Portal 6.0
+ Avaya Communication Manager Server DEFINITY Server SI/CS
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
Not Vulnerable:

Copyright 2010, SecurityFocus