5 matches found
Oracle Solaris Third-Party Patch Update : modsecurity (cve_2012_2751_improper_input)
The remote Solaris system is missing necessary patches to address security updates : - ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data...
openSUSE Security Update : apache2-mod_security2 (openSUSE-SU-2013:1331-1)
complete overhaul of this package, with update to 2.7.5. - ruleset update to 2.2.8-0-g0f07cbb. - new configuration framework private to modsecurity2: /etc/apache2/conf.d/modsecurity2.conf loads /usr/share/apache2-modsecurity2/rules/modsecuritycrs1 0setup.conf, then...
Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
Check for the Version of apache-modsecurity OpenVAS Vulnerability Test Mandriva Update for apache-modsecurity MDVSA-2012:182 apache-modsecurity Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...
Cross site scripting
ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform...
CVE-2009-5031
CVE-2009-5031 affects ModSecurity before 2.5.11. It mishandles single quotes in request parameter values in the Content-Disposition header of multipart/form-data requests, allowing remote attackers to bypass filtering and perform other attacks such as XSS. A fix is available in ModSecurity 2.5.11...