Summary
This host is running ModSecurity and is prone to a security bypass vulnerability.
Impact
Successful exploitation will allow an attacker to execute arbitrary code in the context of the web application and bypass certain security restrictions.
Solution
Upgrade to version 2.5.6 or later.
http://www.modsecurity.org/download/
Insight
The flaw is due to an error in the transformation caching, which can allow evasion of ModSecurity. It can be exploited when SecCacheTransformations is enabled.
Affected
ModSecurity versions 2.5.0 to 2.5.5 on Linux.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2008-5676
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P