CVE-2007-1359

CVE-2007-1359 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Interpretation conflict in ModSecurity (mod_security) 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ (0x00) byte, which mod_security treats as a terminator even though it is still processed as normal data by some HTTP parsers including PHP 5.2.0, and possibly parsers in Perl, and Python.

Learn more about our Web Application Penetration Testing UK.