Product:

Modsecurity

(Trustwave)
Repositories https://github.com/SpiderLabs/ModSecurity
#Vulnerabilities 13
Date Id Summary Products Score Patch Annotated
2012-12-28 CVE-2012-4528 The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data. Fedora, Opensuse, Modsecurity N/A
2012-07-22 CVE-2009-5031 ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Content-Disposition field of a request with a multipart/form-data Content-Type header. Opensuse, Modsecurity N/A
2009-06-03 CVE-2009-1902 The multipart processor in ModSecurity before 2.5.9 allows remote attackers to cause a denial of service (crash) via a multipart form datapost request with a missing part header name, which triggers a NULL pointer dereference. Fedora, Modsecurity N/A