Description
ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Content-Disposition field of a request with a multipart/form-data Content-Type header.
| Release | Status | Note |
|---|---|---|
| devel | DNE | |
| hardy | DNE | |
| lucid | released | 2.5.11-1 |
| natty | ignored | end of life |
| oneiric | not-affected | 2.5.12-1+squeeze1build0.11.10.1 |
| precise | DNE | |
| quantal | DNE | |
| upstream | released | 2.5.11 |
| Release | Status | Note |
|---|---|---|
| devel | not-affected | 2.6.6-1 |
| hardy | DNE | |
| lucid | DNE | |
| natty | DNE | |
| oneiric | not-affected | 2.6.0-1 |
| precise | not-affected | 2.6.3-1ubuntu0.2 |
| quantal | not-affected | 2.6.6-1 |
| upstream | released | 2.5.11 |
EPSS
CVSS2: 4.3 Medium
Related vulnerabilities
ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Content-Disposition field of a request with a multipart/form-data Content-Type header.
ModSecurity before 2.5.11 treats request parameter values containing s ...
ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Content-Disposition field of a request with a multipart/form-data Content-Type header.