4.3

CVE-2012-2751

ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-5031.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
TrustwaveModsecurity Version < 2.6.6
OpensuseOpensuse Version11.4
OpensuseOpensuse Version12.2
OpensuseOpensuse Version12.3
DebianDebian Linux Version6.0
DebianDebian Linux Version7.0
OracleHTTP Server Version11.1.1.6.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.3% 0.869
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
Third Party Advisory
http://blog.ivanristic.com/2012/06/modsecurity-and-modsecurity-core-rule-set-multipart-bypasses.html
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-08/msg00020.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-updates/2013-08/msg00025.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-updates/2013-08/msg00031.html
Third Party Advisory
Mailing List
http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/branches/2.6.x/CHANGES
Broken Link
http://secunia.com/advisories/49576
Third Party Advisory
http://www.openwall.com/lists/oss-security/2012/06/22/1
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2012/06/22/2
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/54156
Third Party Advisory
VDB Entry
http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/trunk/CHANGES?r1=1920&r2=1919&pathrev=1920
Broken Link
http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/trunk/apache2/msc_multipart.c?r1=1918&r2=1917&pathrev=1918
Broken Link
http://secunia.com/advisories/49782
Third Party Advisory
http://www.debian.org/security/2012/dsa-2506
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2012:118
Third Party Advisory