4.3

CVE-2012-2751

ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-5031.
Data provided by the National Vulnerability Database (NVD)
Trustwave Modsecurity, Version < 2.6.6
Opensuse Opensuse, Version 11.4
Opensuse Opensuse, Version 12.2
Opensuse Opensuse, Version 12.3
Debian Debian Linux, Version 6.0
Debian Debian Linux, Version 7.0
Oracle HTTP Server, Version 11.1.1.6.0
No warning was found for this CVE.
EPSS metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 1.94% | 0.827
CVSS metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 4.3 | 8.6 | 2.9 | AV:N/AC:M/Au:N/C:N/I:P/A:N
No CWE information has been published yet.
http://www.securityfocus.com/bid/54156
Third Party Advisory
VDB Entry