Mandriva Linux Security Advisory : apache-mod_security (MDVSA-2013:029)

A vulnerability has been discovered and corrected in apache-modsecurity : ModSecurity = 2.6.8 is vulnerable to multipart/invalid part ruleset bypass, this was fixed in 2.7.0 released on2012-10-16 CVE-2012-4528. The updated packages have been patched to correct this issue. NOTE: This advisory was...

Authentication flaw

The modsecurity2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data...

Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)

Check for the Version of apache-modsecurity OpenVAS Vulnerability Test Mandriva Update for apache-modsecurity MDVSA-2012:182 apache-modsecurity Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...

Mandriva Linux Security Advisory : apache-mod_security (MDVSA-2012:182)

Multiple vulnerabilities has been discovered and corrected in apache-modsecurity : ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data...

Fedora 17 : mod_security-2.7.1-3.fc17 / mod_security_crs-2.2.6-3.fc17 (2012-18315)

Update to 2.7.1 - Update Core rules set to 2.2.6 - Fix build against libxml2 = 2.9 upstreamed - Add some missing directives RHBZ 569360 - Fix multipart/invalid part ruleset bypass issue CVE-2012-4528 RHBZ 867424, 867773, 867774 Note that Tenable Network Security has extracted the preceding...