Vulnerability Name: CVE-2013-2765 (CCN-84544)

Assigned: 2013-03-29
Published: 2013-03-29
Updated: 2021-02-10
Summary: The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-476
Vulnerability Consequences: Denial of Service
References:
Source: BUGTRAQ
Type: Broken Link
20130528 [SECURITY][CVE-2013-2765][ModSecurity] Remote Null Pointer Dereference

Source: MITRE
Type: CNA
CVE-2013-2765

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2013:1331

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2013:1336

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2013:1342

Source: CCN
Type: SA53535
ModSecurity "forceRequestBodyVariable" NULL Pointer Dereference Vulnerability

Source: MLIST
Type: Third Party Advisory
[mod-security-users] 20130527 Availability of ModSecurity 2.7.4 Stable Release

Source: CCN
Type: ModSecurity Web site
ModSecurity: Open Source Web Application Firewall

Source: CONFIRM
Type: Vendor Advisory
http://www.modsecurity.org/

Source: CCN
Type: BID-60182
ModSecurity CVE-2013-2765 NULL Pointer Dereference Remote Denial of Service Vulnerability

Source: MISC
Type: Third Party Advisory
http://www.shookalabs.com/

Source: CONFIRM
Type: Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=967615

Source: XF
Type: UNKNOWN
modsecurity-cve20132765-dos(84544)

Source: MISC
Type: Exploit, Third Party Advisory
https://github.com/shookalabs/exploits/blob/master/modsecurity_cve_2013_2765_check.py

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/SpiderLabs/ModSecurity/commit/0840b13612a0b7ef1ce7441cf811dcfc6b463fba

Source: CCN
Type: Packet Storm Security [05-29-2013]
ModSecurity Remote Null Pointer Dereference

Source: CCN
Type: ModSecurity GIT Repository
10 May 2013 - 2.7.4

Source: CONFIRM
Type: Broken Link
https://raw.github.com/SpiderLabs/ModSecurity/master/CHANGES

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [05-31-2013]

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2013-2765

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:trustwave:modsecurity:*:*:*:*:*:*:*:* (Version < 2.7.4)
  • AND
  • cpe:/a:apache:http_server:*:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:12.3:*:*:*:*:*:*:*

* Denotes that component is vulnerable
Oval Definitions:

| Definition ID | Class | Title | Last Modified |
|---|---|---|---|
| oval:org.opensuse.security:def:20132765 | V | CVE-2013-2765 | 2022-09-02 |
| oval:org.opensuse.security:def:976 | P | Security update for apache2 (Important) | 2022-01-17 |
| oval:org.opensuse.security:def:111962 | P | apache2-mod_security2-2.9.0-5.6 on GA media (Moderate) | 2022-01-17 |
| oval:org.opensuse.security:def:26227 | P | Security update for the Linux Kernel (Important) | 2022-01-13 |
| oval:org.opensuse.security:def:1498 | P | Recommended update for php7 (Moderate) | 2021-12-06 |
| oval:org.opensuse.security:def:33050 | P | Security update for the Linux Kernel (Important) | 2021-11-30 |
| oval:org.opensuse.security:def:64617 | P | Security update for postgresql14 (Important) | 2021-11-22 |
| oval:org.opensuse.security:def:32219 | P | Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important) | 2021-11-19 |
| oval:org.opensuse.security:def:26163 | P | Security update for bind (Important) | 2021-11-11 |
| oval:org.opensuse.security:def:94196 | P | (Moderate) | 2021-11-09 |
| oval:org.opensuse.security:def:26152 | P | Security update for postgresql10 (Important) | 2021-10-20 |
| oval:org.opensuse.security:def:26151 | P | Security update for python3 (Moderate) | 2021-10-20 |
| oval:org.opensuse.security:def:1551 | P | Security update for the Linux Kernel (Important) | 2021-10-12 |
| oval:org.opensuse.security:def:105526 | P | apache2-mod_security2-2.9.0-5.6 on GA media (Moderate) | 2021-10-01 |
| oval:org.opensuse.security:def:33011 | P | Security update for hivex (Moderate) | 2021-09-23 |
| oval:org.opensuse.security:def:90031 | P | apache2-mod_security2-2.9.2-1.34 on GA media (Moderate) | 2021-09-21 |
| oval:org.opensuse.security:def:71291 | P | libopenssl-devel-1.1.0i-3.3.1 on GA media (Moderate) | 2021-09-21 |
| oval:org.opensuse.security:def:103686 | P | apache2-mod_security2-2.9.2-1.34 on GA media (Moderate) | 2021-09-21 |
| oval:org.opensuse.security:def:71404 | P | sysvinit-tools-2.88+-1.26 on GA media (Moderate) | 2021-09-21 |
| oval:org.opensuse.security:def:2107 | P | apache2-mod_security2-2.9.2-1.34 on GA media (Moderate) | 2021-09-21 |
| oval:org.opensuse.security:def:63196 | P | apache2-mod_security2-2.9.2-1.34 on GA media (Moderate) | 2021-09-21 |
| oval:org.opensuse.security:def:96996 | P | apache2-mod_security2-2.9.2-1.34 on GA media (Moderate) | 2021-09-21 |
| oval:org.opensuse.security:def:68051 | P | Security update for the Linux Kernel (Live Patch 18 for SLE 15 SP1) (Important) | 2021-09-16 |
| oval:org.opensuse.security:def:1029 | P | Security update for libaom (Important) | 2021-09-09 |
| oval:org.opensuse.security:def:32163 | P | Security update for MozillaFirefox (Important) | 2021-08-17 |
| oval:org.opensuse.security:def:47512 | P | sysvinit-tools-2.88+-99.15 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:48198 | P | libsqlite3-0-3.8.10.2-9.12.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:47879 | P | rsync-3.1.0-13.13.3 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:47497 | P | ruby-2.1-1.4 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:47958 | P | autofs-5.1.3-1.17 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:47565 | P | bash-4.3-83.15.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:48251 | P | opie-2.4-724.56 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:47633 | P | gstreamer-plugins-bad-1.8.3-17.2 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:47550 | P | apache-commons-beanutils-1.9.2-1.149 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:48011 | P | fuse-2.9.3-6.3.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:47498 | P | sane-backends-1.0.24-3.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:48050 | P | java-11-openjdk-11.0.4.0-1.26 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:47686 | P | libXv1-1.0.10-7.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:47826 | P | mariadb-10.2.18-1.7 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:47551 | P | apache-commons-daemon-1.0.15-6.10 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:48103 | P | libdcerpc-binding0-32bit-4.10.5+git.129.35f7bb6e177-1.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:100909 | P | libfreebl3-3.53.1-3.51.1 on GA media (Moderate) | 2021-08-09 |
| oval:org.opensuse.security:def:66865 | P | Security update for containerd (Moderate) | 2021-07-20 |
| oval:org.opensuse.security:def:31639 | P | Security update for freeradius-server (Moderate) | 2021-06-11 |
| oval:org.opensuse.security:def:48654 | P | xorg-x11-libs-7.6-45.7 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:48549 | P | libsnmp30-5.7.3-4.2 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:48558 | P | libtcnative-1-0-1.1.32-9.1 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:48707 | P | telepathy-idle-0.2.0-1.62 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:48412 | P | eog-3.20.4-7.7 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:48725 | P | gstreamer-0_10-plugins-bad-0.10.23-17.1 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:48611 | P | qemu-2.6.1-27.15 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:48623 | P | squashfs-4.3-6.2 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:48465 | P | libXext6-1.3.2-3.60 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:48778 | P | icu-52.1-7.1 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:36087 | P | apache2-mod_security2-2.7.1-0.2.18.1 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:48496 | P | libgnomesu-2.0.0-353.6.2 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:42494 | P | apache2-mod_security2-2.7.1-0.2.18.1 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:48676 | P | gnome-shell-calendar-3.10.4-22.13 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:64704 | P | Security update for python-py (Moderate) | 2021-06-04 |
| oval:org.opensuse.security:def:1609 | P | Security update for dhcp (Important) | 2021-06-02 |
| oval:org.opensuse.security:def:26062 | P | Security update for djvulibre (Important) | 2021-05-31 |
| oval:org.opensuse.security:def:70221 | P | Security update for djvulibre (Important) | 2021-05-19 |
| oval:org.opensuse.security:def:66773 | P | Security update for the Linux Kernel (Important) | 2021-05-12 |
| oval:org.opensuse.security:def:26213 | P | Security update for evolution-data-server (Moderate) | 2021-03-19 |
| oval:org.opensuse.security:def:32268 | P | Security update for openldap2 (Important) | 2021-03-03 |
| oval:org.opensuse.security:def:31565 | P | Security update for openssl (Important) | 2020-12-11 |
| oval:org.opensuse.security:def:32007 | P | Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP3) (Important) | 2020-12-07 |
| oval:org.opensuse.security:def:2054 | P | apache2-mod_security2-2.9.2-1.34 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:117133 | P | apache2-mod_security2-2.9.2-1.34 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:63143 | P | apache2-mod_security2-2.9.2-1.34 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:107575 | P | apache2-mod_security2-2.9.2-1.34 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:2165 | P | apache2-mod_security2-2.9.2-1.34 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:63254 | P | apache2-mod_security2-2.9.2-1.34 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:26266 | P | Security update for the Linux Kernel (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:26493 | P | Security update for phpMyAdmin (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:26869 | P | bind on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:27600 | P | Security update for apache2-mod_security2 | 2020-12-01 |
| oval:org.opensuse.security:def:25648 | P | Security update for python36 (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:32373 | P | Security update for tcpdump (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:26368 | P | Security update for irssi (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:50050 | P | apache2-mod_security2 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:26355 | P | Security update for erlang (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:26781 | P | mailman on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:49885 | P | gv on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:31554 | P | Security update for sqlite3 (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:73438 | P | libndp-devel on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:31920 | P | Security update for ghostscript-library (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:25921 | P | Recommended update for mariadb (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:32307 | P | Security update for python (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:26315 | P | Security update for MozillaThunderbird (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:26577 | P | kvm on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:26883 | P | dhcp on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:31771 | P | Security update for MozillaFirefox, MozillaFirefox-branding-SLED, firefox-gcc5, mozilla-nss (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:73556 | P | apache2-mod_security2 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:25712 | P | Security update for python36 (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:49938 | P | apache2-mod_nss on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:27050 | P | virt-utils on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:26412 | P | Security update for tor (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:26436 | P | Security update for pdns-recursor (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:49939 | P | apache2-mod_security2 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:26830 | P | t1lib on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:67951 | P | pulseaudio on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:25637 | P | Security update for the Linux Kernel (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:25636 | P | Security update for libproxy (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:25978 | P | Security update for tcpdump, libpcap (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:32329 | P | Security update for samba (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:26354 | P | Security update for chromium (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:27085 | P | apache2-mod_security2 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:49996 | P | davfs2 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:26728 | P | kernel-default on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:27565 | P | rxvt-unicode on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:31553 | P | Security update for sqlite3 (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:26927 | P | kdelibs3 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:31863 | P | Security update for curl (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:49992 | P | apache2-mod_security2 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:25840 | P | Security update for libvirt (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:70116 | P | libsoup-devel on GA media (Moderate) | 2020-12-01 |
| oval:org.mitre.oval:def:24822 | P | SUSE-SU-2013:1406-1 -- Security update for apache2-mod_security2 | 2014-09-08 |
| oval:com.ubuntu.precise:def:20132765000 | V | CVE-2013-2765 on Ubuntu 12.04 LTS (precise) - medium. | 2013-07-15 |
| oval:com.ubuntu.trusty:def:20132765000 | V | CVE-2013-2765 on Ubuntu 14.04 LTS (trusty) - medium. | 2013-07-15 |
| oval:com.ubuntu.xenial:def:201327650000000 | V | CVE-2013-2765 on Ubuntu 16.04 LTS (xenial) - medium. | 2013-07-15 |
| oval:com.ubuntu.xenial:def:20132765000 | V | CVE-2013-2765 on Ubuntu 16.04 LTS (xenial) - medium. | 2013-07-15 |

    trustwave modsecurity *
    apache http server *
    opensuse opensuse 11.4
    opensuse opensuse 12.2
    opensuse opensuse 12.3