CVE-2008-5676

Description

Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."

Affected products

• breach / modsecurity2.5.0
• breach / modsecurity2.5.1 – 2.5.1
• breach / modsecurity2.5.2 – 2.5.2
• breach / modsecurity2.5.3 – 2.5.3
• breach / modsecurity2.5.4 – 2.5.4

References

• VENDOR_ADVISORYhttp://secunia.com/advisories/32146
• MISChttp://blog.modsecurity.org/2008/08/transformation.html
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2008/2795
• MISChttp://freshmeat.net/projects/modsecurity/?branch_id=34901&release_id=282329
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/45770