VYPR
Unrated severityNVD Advisory· Published Mar 8, 2007· Updated Jun 16, 2026

CVE-2007-1359

CVE-2007-1359

Description

Interpretation conflict in ModSecurity (mod_security) 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ (0x00) byte, which mod_security treats as a terminator even though it is still processed as normal data by some HTTP parsers including PHP 5.2.0, and possibly parsers in Perl, and Python.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

9
  • cpe:2.3:a:mod_security:mod_security:1.7:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:a:mod_security:mod_security:1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mod_security:mod_security:1.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mod_security:mod_security:1.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mod_security:mod_security:1.7.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mod_security:mod_security:1.7.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mod_security:mod_security:1.9.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mod_security:mod_security:2.1:*:*:*:*:*:*:*
  • Range: <=2.1.0
  • PHP/PHPllm-fuzzy
    Range: = 5.2.0

Patches

Vulnerability mechanics

References

15

News mentions

0

No linked articles in our index yet.