Описание
ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-5031.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| hardy | DNE | |
| lucid | released | 2.5.11-1ubuntu0.1 |
| natty | released | 2.5.12-1+squeeze1build0.11.04.1 |
| oneiric | released | 2.5.12-1+squeeze1build0.11.10.1 |
| precise | DNE | |
| precise/esm | DNE | |
| quantal | DNE | |
| raring | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 2.6.6-1 |
| esm-apps/xenial | not-affected | 2.6.6-1 |
| esm-infra-legacy/trusty | not-affected | 2.6.6-1 |
| hardy | DNE | |
| lucid | DNE | |
| natty | DNE | |
| oneiric | ignored | end of life |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
| quantal | not-affected | 2.6.6-1 |
Показывать по
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-5031.
ModSecurity before 2.6.6, when used with PHP, does not properly handle ...
ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-5031.
EPSS
4.3 Medium
CVSS2