This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote web application firewall may be affected by a denial of
According to its banner, the version of ModSecurity installed on the
remote host is earlier than 2.7.4. It is, therefore, potentially
affected by a denial of service vulnerability. An error exists related
to handling the action 'forceRequestBodyVariable' that could allow an
HTTP request to cause a NULL pointer to be dereferenced and an
Note that Nessus did not actually test for this issue, but instead has
relied on the version in the server's banner.
See also :
Upgrade to ModSecurity version 2.7.4 or later.
Risk factor :
High / CVSS Base Score : 7.8
CVSS Temporal Score : 6.8
Public Exploit Available : true