[Mod-security-developers] Integer overflow in mod_security for IIS

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hello!

*Steps to reproduce:*

   1. Install mod_security on Windows Server 2008 R2 x64, IIS 7.5 using msi
   installer
   2. Setup mod_security for your website
   3. In IIS go to advanced settings of application pool of your website
   4. Set "Enable 32-Bit Applications" property to "True"
   5. Restart the pool and your website
   6. Make a request to the site

*Actual result:*
in response headers value of "Content-Size" header is enormous. Thus client
actually loads contents but waits for the rest. If you try to load your
site in a common browser such as Chrome loading will hang up.