14 matches found
Oracle Solaris Third-Party Patch Update : modsecurity (cve_2012_2751_improper_input)
The remote Solaris system is missing necessary patches to address security updates : - ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data...
openSUSE Security Update : apache2-mod_security2 (openSUSE-SU-2013:1331-1)
complete overhaul of this package, with update to 2.7.5. - ruleset update to 2.2.8-0-g0f07cbb. - new configuration framework private to modsecurity2: /etc/apache2/conf.d/modsecurity2.conf loads /usr/share/apache2-modsecurity2/rules/modsecuritycrs1 0setup.conf, then...
Mandriva Linux Security Advisory : apache-mod_security (MDVSA-2013:156)
A vulnerability has been found and corrected in apache-modsecurity : ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML external entity declaration in conjunction with...
ModSecurity XML外部实体信息泄露漏洞(CVE-2013-1915)
Bugtraq ID:58810 CVE ID:CVE-2013-1915 ModSecurity是一个入侵侦测与防护引擎,它主要是用于Web应用程序,所以也被称为Web应用程序防火墙 ModSecurity存在安全漏洞,允许远程攻击者通过XML外部实体声明结合实体引用,可读取任意文件,发送HTTP请求到内网服务器或进行拒绝服务攻击 0 ModSecurity 2.7.3 厂商解决方案 ModSecurity 2.7.3已经修复此漏洞,建议用户下载更新: http://www.modsecurity.org/...
CVE-2013-1915
ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity XXE vulnerability...
CVE-2013-1915
CVE-2013-1915 (ModSecurity XXE) : ModSecurity before 2.7.3 is vulnerable to an XML External Entity (XXE) attack via an XML entity declaration and a referenced entity. This can allow remote attackers to read arbitrary files, make HTTP requests to intranet servers, or trigger denial of service (CPU...
FreeBSD : ModSecurity -- XML External Entity Processing Vulnerability (2070c79a-8e1e-11e2-b34d-000c2957946c)
Positive Technologies has reported a vulnerability in ModSecurity, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS Denial Of Serice. The vulnerability is caused due to an error when parsing external XML entities and can be exploited to e.g...
Fedora Update for mod_security FEDORA-2013-4831
Check for the Version of modsecurity OpenVAS Vulnerability Test Fedora Update for modsecurity FEDORA-2013-4831 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...
[SECURITY] [DSA 2659-1] libapache-mod-security security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2659-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso April 09, 2013 http://www.debian.org/security/faq -...
Fedora Update for mod_security FEDORA-2013-4834
Check for the Version of modsecurity OpenVAS Vulnerability Test Fedora Update for modsecurity FEDORA-2013-4834 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...
Fedora Update for mod_security FEDORA-2013-4831
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scripttagname:"affected",...
Fedora 18 : mod_security-2.7.3-1.fc18 (2013-4831)
Update to 2.7.3. Upstream changelog: https://github.com/SpiderLabs/ModSecurity/blob/master/CHANGES Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...
Fedora 17 : mod_security-2.7.3-1.fc17 (2013-4834)
Update to 2.7.3. Upstream changelog: https://github.com/SpiderLabs/ModSecurity/blob/master/CHANGES Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...
Debian: Security Advisory (DSA-2659-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...