Vulnerability Details CVE-2008-5676
Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.2%
CVSS Severity
CVSS v2 Score 5.0
References
- http://blog.modsecurity.org/2008/08/transformation.html
- http://freshmeat.net/projects/modsecurity/?branch_id=34901&release_id=282329
- http://secunia.com/advisories/32146
- http://www.vupen.com/english/advisories/2008/2795
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45770
- http://blog.modsecurity.org/2008/08/transformation.html
- http://freshmeat.net/projects/modsecurity/?branch_id=34901&release_id=282329
- http://secunia.com/advisories/32146
- http://www.vupen.com/english/advisories/2008/2795
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45770
Products affected by CVE-2008-5676
-
cpe:2.3:a:breach:modsecurity:*
-
cpe:2.3:a:breach:modsecurity:2.5.1
-
cpe:2.3:a:breach:modsecurity:2.5.2
-
cpe:2.3:a:breach:modsecurity:2.5.3
-
cpe:2.3:a:breach:modsecurity:2.5.4