Vulnerability Details : CVE-2007-1359
Interpretation conflict in ModSecurity (mod_security) 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ (0x00) byte, which mod_security treats as a terminator even though it is still processed as normal data by some HTTP parsers including PHP 5.2.0, and possibly parsers in Perl, and Python.
Exploit prediction scoring system (EPSS) score for CVE-2007-1359
Probability of exploitation activity in the next 30 days: 15.30%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 96 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2007-1359
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
References for CVE-2007-1359
-
http://www.securityfocus.com/bid/22831
Vendor Advisory
-
http://www.vupen.com/english/advisories/2007/0868
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/32872
- http://www.vupen.com/english/advisories/2008/2109/references
-
http://www.gentoo.org/security/en/glsa/glsa-200705-17.xml
- http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html
-
http://www.php-security.org/MOPB/BONUS-12-2007.html
Exploit;Vendor Advisory
- http://www.vupen.com/english/advisories/2008/2115
-
http://www.modsecurity.org/blog/archives/2007/03/modsecurity_asc.html
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143
Products affected by CVE-2007-1359
- cpe:2.3:a:mod_security:mod_security:1.7:*:*:*:*:*:*:*
- cpe:2.3:a:mod_security:mod_security:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:mod_security:mod_security:1.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:mod_security:mod_security:1.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:mod_security:mod_security:1.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:mod_security:mod_security:1.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:mod_security:mod_security:2.1:*:*:*:*:*:*:*