Lucene search
K

12 matches found

Tenable Nessus
Tenable Nessus
added 2015/01/19 12:0 a.m.41 views

Oracle Solaris Third-Party Patch Update : modsecurity (cve_2012_2751_improper_input)

The remote Solaris system is missing necessary patches to address security updates : - ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data...

7.5CVSS5.3AI score0.04208EPSS
Exploits3References5
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.43 views

openSUSE Security Update : apache2-mod_security2 (openSUSE-SU-2013:1331-1)

complete overhaul of this package, with update to 2.7.5. - ruleset update to 2.2.8-0-g0f07cbb. - new configuration framework private to modsecurity2: /etc/apache2/conf.d/modsecurity2.conf loads /usr/share/apache2-modsecurity2/rules/modsecuritycrs1 0setup.conf, then...

7.5CVSS6.2AI score0.13719EPSS
Exploits8References10
OpenVAS
OpenVAS
added 2012/12/26 12:0 a.m.34 views

Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)

Check for the Version of apache-modsecurity OpenVAS Vulnerability Test Mandriva Update for apache-modsecurity MDVSA-2012:182 apache-modsecurity Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...

5CVSS0.1AI score0.12507EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2012/12/24 12:0 a.m.43 views

Mandriva Linux Security Advisory : apache-mod_security (MDVSA-2012:182)

Multiple vulnerabilities has been discovered and corrected in apache-modsecurity : ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data...

5CVSS5.3AI score0.12507EPSS
Exploits3References2
seebug.org
seebug.org
added 2012/08/03 12:0 a.m.51 views

ModSecurity引号解析安全限制绕过漏洞(CVE-2012-2751)

BUGTRAQ ID: 54156 CVE ID: CVE-2012-2751 modsecurity是经常与PHP结合使用的Web应用防火墙。 ModSecurity 2.6.6之前版本结合PHP使用时,没有正确处理单引号,可允许远程攻击者通过带有multipart/form-data Content-Type标头的请求内Content-Disposition字段中的请求参数的单引号,绕过过滤规则并执行诸如XSS攻击。 0 Breach Security modsecurity 2.x 厂商补丁: Breach Security ---------------...

4.3CVSS0.03303EPSS
Exploits2
NVD
NVD
added 2012/07/22 4:55 p.m.25 views

CVE-2012-2751

ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform...

4.3CVSS5.7AI score0.03303EPSS
Exploits2References16
OSV
OSV
added 2012/07/22 4:55 p.m.6 views

CVE-2012-2751

ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform...

5.7AI score
Exploits0References21
UbuntuCve
UbuntuCve
added 2012/07/22 4:55 p.m.37 views

CVE-2012-2751

ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform...

4.3CVSS5.9AI score0.03303EPSS
Exploits2References2
Cvelist
Cvelist
added 2012/07/22 4:0 p.m.32 views

CVE-2012-2751

ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform...

5.7AI score0.03303EPSS
Exploits2References16
CVE
CVE
added 2012/07/22 4:0 p.m.77 views

CVE-2012-2751

CVE-2012-2751 relates to ModSecurity prior to 2.6.6 when used with PHP. The issue arises in how single quotes in Content-Disposition are handled inside multipart/form-data requests, allowing remote attackers to bypass filtering rules and potentially perform XSS. The vulnerability is noted to exis...

4.3CVSS5.7AI score0.03303EPSS
Exploits2References16Affected Software1
Debian CVE
Debian CVE
added 2012/07/22 4:0 p.m.29 views

CVE-2012-2751

ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform...

4.3CVSS5.7AI score0.03303EPSS
Exploits2
securityvulns
securityvulns
added 2012/07/09 12:0 a.m.86 views

[SECURITY] [DSA 2506-1] libapache-mod-security security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2506-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez July 02, 2012 http://www.debian.org/security/faq -...

4.3CVSS1.9AI score0.03303EPSS
Exploits2
Rows per page
Query Builder