ALAS-2014-335

Amazon Linux 1 (EOL) Security Advisory: ALAS-2014-335
Advisory Released Date: 2014-05-06
Advisory Updated Date: 2014-09-18

Severity: Medium

References: CVE-2013-5705
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.

Affected Packages:

mod_security

Issue Correction:
Run yum update mod_security or yum update --advisory ALAS-2014-335 to update your system.

New Packages:

i686:
    mlogc-2.7.3-3.23.amzn1.i686
    mod_security-2.7.3-3.23.amzn1.i686
    mod_security-debuginfo-2.7.3-3.23.amzn1.i686

src:
    mod_security-2.7.3-3.23.amzn1.src

x86_64:
    mod_security-2.7.3-3.23.amzn1.x86_64
    mlogc-2.7.3-3.23.amzn1.x86_64
    mod_security-debuginfo-2.7.3-3.23.amzn1.x86_64

Additional References

Red Hat: CVE-2013-5705

Mitre: CVE-2013-5705