Advisories ยป MGASA-2014-0180

Updated apache-mod_security packages fix security vulnerability

Publication date: 17 Apr 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2013-5705

Description

Updated apache-mod_security packages fix security vulnerability:

Martin Holst Swende discovered a flaw in the way mod_security handled
chunked requests. A remote attacker could use this flaw to bypass 
intended mod_security restrictions, allowing them to send requests
containing content that should have been removed by mod_security
(CVE-2013-5705).
                

References

SRPMS

3/core

4/core