Skip to main content

Modsecurity CVE-2013-2765

MEDIUM
NULL Pointer Dereference (CWE-476)
2013-07-15 cve@mitre.org
5.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
5.0 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:N/I:N/A:P
Attack Vector
Network
Attack Complexity
Low
Confidentiality
None
Integrity
None
Availability
P

Lifecycle Timeline

1
CVE Published
Jul 15, 2013 - 15:55 cve.org
MEDIUM 5.0

DescriptionCVE.org

The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.

AnalysisAI

The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header. Affected products include: Trustwave Modsecurity, Opensuse. Version information: before 2.7.4.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.

CVE-2025-27110 HIGH POC
7.9 Feb 25

Libmodsecurity is one component of the ModSecurity v3 project. Rated high severity (CVSS 7.9), this vulnerability is rem

CVE-2025-48866 HIGH POC
7.5 Jun 02

ModSecurity versions prior to 2.9.10 contain a denial of service vulnerability in the `sanitiseArg` and `sanitizeArg` ac

CVE-2021-42717 HIGH POC
7.5 Dec 07

ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Rated high severity (CVSS 7.5), this vulnerabi

CVE-2020-15598 HIGH POC
7.5 Oct 06

Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request. Rated high severity (CVSS 7.5),

CVE-2012-4528 MEDIUM POC
5.0 Dec 28

The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver ar

CVE-2018-13065 MEDIUM POC
6.1 Jul 03

ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. Rated medium severity (CVSS 6.1), this vulnerabili

CVE-2013-5705 MEDIUM POC
5.0 Apr 15

apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer codi

CVE-2026-52747 HIGH
8.6 Jul 10

WAF filtering bypass in OWASP ModSecurity (libmodsecurity) before 3.0.16 lets remote unauthenticated attackers smuggle m

CVE-2024-1019 HIGH
8.6 Jan 30

ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially

CVE-2013-1915 HIGH
7.5 Apr 25

ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cau

CVE-2024-46292 HIGH
7.5 Oct 09

A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserte

CVE-2023-38285 HIGH
7.5 Jul 26

Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity. Rated high severity (CVSS 7.5), this vul

Share

CVE-2013-2765 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy