5

CVE-2012-4528

Exploit
The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
TrustwaveModsecurity Version < 2.7.0
OpensuseOpensuse Version11.4
OpensuseOpensuse Version12.2
OpensuseOpensuse Version12.3
FedoraprojectFedora Version18
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 12.51% 0.957
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.opensuse.org/opensuse-updates/2013-08/msg00020.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-updates/2013-08/msg00025.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-updates/2013-08/msg00031.html
Third Party Advisory
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093011.html
Third Party Advisory
http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/branches/2.7.x/CHANGES
Broken Link
http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/trunk/apache2/msc_multipart.c?sortby=date&r1=2081&r2=2080&pathrev=2081
Broken Link
http://mod-security.svn.sourceforge.net/viewvc/mod-security?view=revision&sortby=date&revision=2081
Broken Link
http://seclists.org/fulldisclosure/2012/Oct/113
Third Party Advisory
Exploit
Mailing List
http://www.openwall.com/lists/oss-security/2012/10/18/14
Third Party Advisory
Mailing List
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20121017-0_mod_security_ruleset_bypass.txt
Third Party Advisory