CVE-2013-2765

ModSecurity < 2.7.4 - Denial of Service via Crafted Content-Type Header

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-2765. PoCs published by Younes JAAIDI.

AI-analyzed exploit summary This exploit triggers a DoS in ModSecurity by sending a request with a large body size and an unmapped Content-Type, causing a crash in versions prior to 2.7.4. The PoC sends a GET request with a payload of 'A' characters to test for vulnerability.

Description

The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.

Exploits (1)

exploitdb WORKING POC

by Younes JAAIDI · pythondosmultiple

https://www.exploit-db.com/exploits/25852

View Code ZIP pw:eip

This exploit triggers a DoS in ModSecurity by sending a request with a large body size and an unmapped Content-Type, causing a crash in versions prior to 2.7.4. The PoC sends a GET request with a payload of 'A' characters to test for vulnerability.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: ModSecurity < 2.7.4

No auth needed

Prerequisites: Target running vulnerable ModSecurity version · Network access to the target

MITRE ATT&CK