Candidate: CVE-2013-5705
PublicDate: 2014-04-15 10:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5705
 http://martin.swende.se/blog/HTTPChunked.html
Description:
 apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers
 to bypass rules by using chunked transfer coding with a capitalized Chunked
 value in the Transfer-Encoding HTTP header.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Martin Holst Swende
Assigned-to:
CVSS:

Patches_modsecurity-apache:
 upstream: https://github.com/SpiderLabs/ModSecurity/commit/f8d441cd25172fdfe5b613442fedfc0da3cc333d
upstream_modsecurity-apache: released (2.7.7-1, 2.7.6)
lucid_modsecurity-apache: DNE
precise_modsecurity-apache: ignored (reached end-of-life)
precise/esm_modsecurity-apache: DNE (precise was needed)
quantal_modsecurity-apache: ignored (reached end-of-life)
saucy_modsecurity-apache: ignored (reached end-of-life)
trusty_modsecurity-apache: not-affected (2.7.7-2)
trusty/esm_modsecurity-apache: not-affected (2.7.7-2)
utopic_modsecurity-apache: not-affected (2.7.7-2)
vivid_modsecurity-apache: not-affected (2.7.7-2)
vivid/stable-phone-overlay_modsecurity-apache: DNE
vivid/ubuntu-core_modsecurity-apache: DNE
wily_modsecurity-apache: not-affected (2.7.7-2)
xenial_modsecurity-apache: not-affected (2.7.7-2)
yakkety_modsecurity-apache: not-affected (2.7.7-2)
zesty_modsecurity-apache: not-affected (2.7.7-2)
devel_modsecurity-apache: not-affected (2.7.7-2)

Patches_libapache-mod-security:
 upstream: https://github.com/SpiderLabs/ModSecurity/commit/f8d441cd25172fdfe5b613442fedfc0da3cc333d
upstream_libapache-mod-security: released (2.7.6)
lucid_libapache-mod-security: ignored (reached end-of-life)
precise_libapache-mod-security: DNE
precise/esm_libapache-mod-security: DNE
quantal_libapache-mod-security: DNE
saucy_libapache-mod-security: DNE
trusty_libapache-mod-security: DNE
trusty/esm_libapache-mod-security: DNE
utopic_libapache-mod-security: DNE
vivid_libapache-mod-security: DNE
vivid/stable-phone-overlay_libapache-mod-security: DNE
vivid/ubuntu-core_libapache-mod-security: DNE
wily_libapache-mod-security: DNE
xenial_libapache-mod-security: DNE
yakkety_libapache-mod-security: DNE
zesty_libapache-mod-security: DNE
devel_libapache-mod-security: DNE