CVE-2009-5031

Published: 22 Jul 2012
Source: debian
EPSS: Low

Description

ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Content-Disposition field of a request with a multipart/form-data Content-Type header.

Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| modsecurity-apache | not-affected | | | package |
| libapache-mod-security | fixed | 2.5.12-1 | | package |

Notes

  • https://www.modsecurity.org/fisheye/browse/modsecurity/m2/branches/2.5.x/apache2/msc_multipart.c?r2=1419&r1=1366

  • https://www.openwall.com/lists/oss-security/2012/06/22/1

  • https://www.openwall.com/lists/oss-security/2012/06/22/2

EPSS

Percentile: 73%
0.00795
Low

Related vulnerabilities

ubuntu
more than 13 years ago

ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Content-Disposition field of a request with a multipart/form-data Content-Type header.

nvd
more than 13 years ago

ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Content-Disposition field of a request with a multipart/form-data Content-Type header.

github
more than 3 years ago

ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Content-Disposition field of a request with a multipart/form-data Content-Type header.
