VYPR
← All advisories
Unrated severityNVD Advisory· Published Mar 8, 2007· Updated Apr 23, 2026

CVE-2007-1359

CVE-2007-1359

Description

Interpretation conflict in ModSecurity (mod_security) 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ (0x00) byte, which mod_security treats as a terminator even though it is still processed as normal data by some HTTP parsers including PHP 5.2.0, and possibly parsers in Perl, and Python.

Affected products

7
  • Mod Security/Mod Security7 versions
    cpe:2.3:a:mod_security:mod_security:1.7:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:a:mod_security:mod_security:1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mod_security:mod_security:1.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mod_security:mod_security:1.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mod_security:mod_security:1.7.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mod_security:mod_security:1.7.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mod_security:mod_security:1.9.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mod_security:mod_security:2.1:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

15

News mentions

0

No linked articles in our index yet.