Breno Silva

2 exploits Active since Apr 2013

CVE-2013-1915 WRITEUP WRITEUP

Trustwave Modsecurity < 2.7.3 - XXE

ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability.

View Code

CVE-2013-5705 WRITEUP WRITEUP

ModSecurity <2.7.6 - Auth Bypass

apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.

View Code