CVE-2007-1359: CVE-2007-1359

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2007-1359

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Interpretation conflict in ModSecurity (mod_security) 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ (0x00) byte, which mod_security treats as a terminator even though it is still processed as normal data by some HTTP parsers including PHP 5.2.0, and possibly parsers in Perl, and Python.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Mod_Security ASCIIZ字节绕过安全限制漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

mod_security是经常与PHP结合使用的Web应用防火墙。 mod_security在处理特定的HTTP数据时存在漏洞，远程攻击者可能利用此漏洞绕过某些安全限制。在接收到请求后mod_security会将其解析成为Web应用参数。由于解析入站数据的方式遵循RFC中所定义的规则而不一定是Perl、Python、Java或PHP中的HTTP请求解析器所兼容的方式，因此如果RFC与实际实现方式不匹配时可能存在一些限制绕过漏洞。其中一种不匹配情况是处理application/x-www-form-ur

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2007-1359

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2007-1359

Please Login to view more intelligence information

http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.htmlx_refsource_CONFIRM
http://www.php-security.org/MOPB/BONUS-12-2007.htmlx_refsource_MISC
http://www.modsecurity.org/blog/archives/2007/03/modsecurity_asc.htmlx_refsource_CONFIRM
http://secunia.com/advisories/31087third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/25316third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/24373third-party-advisoryx_refsource_SECUNIA
http://www.osvdb.org/32778vdb-entryx_refsource_OSVDB
http://secunia.com/advisories/31113third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/22831vdb-entryx_refsource_BID
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143vendor-advisoryx_refsource_HP
http://www.vupen.com/english/advisories/2008/2109/referencesvdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2008/2115vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2007/0868vdb-entryx_refsource_VUPEN
http://www.gentoo.org/security/en/glsa/glsa-200705-17.xmlvendor-advisoryx_refsource_GENTOO
https://exchange.xforce.ibmcloud.com/vulnerabilities/32872vdb-entryx_refsource_XF
https://nvd.nist.gov/vuln/detail/CVE-2007-1359

New Vulnerabilities

Product: n/a

Vendor: n/a

V. Comments for CVE-2007-1359

No comments yet

Support Us — Your donation helps us keep running

I. Basic Information for CVE-2007-1359

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2007-1359

III. Intelligence Information for CVE-2007-1359

New Vulnerabilities

V. Comments for CVE-2007-1359

Leave a comment