Vigil@nce - ModSecurity: bypassing via Chunked
April 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use HTTP Chunked data, in order to bypass
ModSecurity rules.
– Impacted products: Apache httpd, Fedora, Unix (platform)
– Severity: 2/4
– Creation date: 01/04/2014
DESCRIPTION OF THE VULNERABILITY
The HTTP Transfer-Encoding header can use the "chunked" type, to
indicate that data is split in chunks before being transmitted.
However, if an attacker uses the "Chunked" (C uppercase) type,
ModSecurity does not recognize it, but Apache httpd accepts it.
An attacker can therefore use HTTP Chunked data, in order to
bypass ModSecurity rules.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/ModSecurity-bypassing-via-Chunked-14504