Summary: | <www-apache/mod_security-2.6.6 : Multipart Quote Parsing Security Bypass Vulnerability (CVE-2009-5031,CVE-2012-2751) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | apache-bugs, flameeyes |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://secunia.com/advisories/49576/ | ||
Whiteboard: | B4 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2012-06-22 12:08:24 UTC
@maintainer: Is 2.6.6 ready to be stabilized? Yes it is. Arches, please test and mark stable: =www-apache/mod_security-2.6.6 Target KEYWORDS : "amd64 ppc sparc x86" amd64 stable x86 stable, thanks! ppc done sparc stable @security: please vote. CVE-2012-2751 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2751): ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-5031. CVE-2009-5031 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5031): ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Content-Disposition field of a request with a multipart/form-data Content-Type header. Thanks, everyone. GLSA vote: no. Thanks, folks. GLSA Vote: no too. Closing noglsa. |