ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a “string index out of range” error and worker-process crash for a “Cookie: =abc” header.
CPE | Name | Operator | Version |
---|---|---|---|
modsecurity | eq | 3.0.3 | |
modsecurity | eq | 3.0.1 | |
modsecurity | eq | 3.0.0 | |
modsecurity | eq | 3.0.2 |