GHSA-rcvp-p5h6-67hw

Published: 02 May 2022
Source: github
Github: Not reviewed

Description

ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Content-Disposition field of a request with a multipart/form-data Content-Type header.


EPSS

Percentile: 73%
0.00795
Low

Weaknesses

CWE-79

Related vulnerabilities

ubuntu
more than 13 years ago

ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Content-Disposition field of a request with a multipart/form-data Content-Type header.

nvd
more than 13 years ago

ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Content-Disposition field of a request with a multipart/form-data Content-Type header.

debian
more than 13 years ago

ModSecurity before 2.5.11 treats request parameter values containing s ...
