CVE-2007-1359

ModSecurity <= 2.1.0 - Request Rule Bypass via ASCIIZ Byte in POST Data

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1359. PoCs published by Stefan Esser.

AI-analyzed exploit summary This is a technical writeup detailing a POST rules bypass vulnerability in mod_security <= 2.1.0 due to mishandling of ASCIIZ bytes in POST data. It explains the discrepancy between RFC-compliant parsing and real-world HTTP parsers in scripting languages, leading to XSS bypass.

Description

Interpretation conflict in ModSecurity (mod_security) 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ (0x00) byte, which mod_security treats as a terminator even though it is still processed as normal data by some HTTP parsers including PHP 5.2.0, and possibly parsers in Perl, and Python.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Stefan Esser · textremotemultiple

https://www.exploit-db.com/exploits/3425

View Code ZIP pw:eip

This is a technical writeup detailing a POST rules bypass vulnerability in mod_security <= 2.1.0 due to mishandling of ASCIIZ bytes in POST data. It explains the discrepancy between RFC-compliant parsing and real-world HTTP parsers in scripting languages, leading to XSS bypass.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: mod_security <= 2.1.0

No auth needed

Prerequisites: A web application using mod_security <= 2.1.0 · Ability to send crafted POST requests

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (15)

Core 15

Core References

Vendor Advisory x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/2115

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/32872

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/0868

Vendor Advisory vendor-advisory x_refsource_hp

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143

Exploit, Vendor Advisory x_refsource_misc

http://www.php-security.org/MOPB/BONUS-12-2007.html

Various Sources x_refsource_confirm

http://www.modsecurity.org/blog/archives/2007/03/modsecurity_asc.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25316

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/2109/references

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/24373

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/31087

Third Party Advisory vendor-advisory x_refsource_gentoo

http://www.gentoo.org/security/en/glsa/glsa-200705-17.xml

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/31113

Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/22831

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/32778

Scores

EPSS 0.0662

EPSS Percentile 93.0%

Details

Status published

Products (7)

mod_security/mod_security 1.7

mod_security/mod_security 1.7.1

mod_security/mod_security 1.7.2

mod_security/mod_security 1.7.4

mod_security/mod_security 1.7.5

mod_security/mod_security 1.9.4

mod_security/mod_security 2.1

Published Mar 08, 2007

Tracked Since Feb 18, 2026