ModSecurity 2.5.9 (Core Rules 2.5-1.6.1) - Filter Bypass

ModSecurity 2.5.9 Core Rules 2.5-1.6.1 - Filter Bypass ======================================================================== ModSecurity Core Rules HPP Filter Bypass Vulnerability ======================================================================== Affected Software : ModSecurity = 2.5.9...

ModSecurity <= 2.5.9 (Core Rules <= 2.5-1.6.1) Filter Bypass Vuln

No description provided by source. ======================================================================== ModSecurity Core Rules HPP Filter Bypass Vulnerability ======================================================================== Affected Software : ModSecurity = 2.5.9 using ModSecurity Cor...

ModSecurity 2.5.9 (Core Rules 2.5-1.6.1) - Filter Bypass

======================================================================== ModSecurity Core Rules HPP Filter Bypass Vulnerability ======================================================================== Affected Software : ModSecurity = 2.5.9 using ModSecurity Core Rules = 2.5-1.6.1 Author :...

CVE-2009-1903

The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service Apache httpd crash via a request for a PDF file that does not use the GET method...

Design/Logic Flaw

The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service Apache httpd crash via a request for a PDF file that does not use the GET method...

Null pointer dereference

The multipart processor in ModSecurity before 2.5.9 allows remote attackers to cause a denial of service crash via a multipart form datapost request with a missing part header name, which triggers a NULL pointer dereference...

CVE-2009-1902

The multipart processor in ModSecurity before 2.5.9 allows remote attackers to cause a denial of service crash via a multipart form datapost request with a missing part header name, which triggers a NULL pointer dereference...

CVE-2009-1902

The multipart processor in ModSecurity before 2.5.9 allows remote attackers to cause a denial of service crash via a multipart form datapost request with a missing part header name, which triggers a NULL pointer dereference...

CVE-2009-1903

The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service Apache httpd crash via a request for a PDF file that does not use the GET method...

CVE-2009-1903

The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service Apache httpd crash via a request for a PDF file that does not use the GET method...

CVE-2009-1903

ModSecurity (Apache module) prior to version 2.5.9 is affected by two CVEs; CVE-2009-1902 (NULL pointer dereference when processing multipart requests without a part header name) and CVE-2009-1903 (PDF XSS protection failing for PDF requests not using GET), leading to possible denial of service (...

CVE-2009-1902

CVE-2009-1902 affects ModSecurity prior to 2.5.9. The vulnerability arises in the multipart processor when a datapost request has a missing part header name, causing a NULL pointer dereference and potential denial of service (remote crash). Evidence from SUSE confirms the same description and imp...

CVE-2009-1902

The multipart processor in ModSecurity before 2.5.9 allows remote attackers to cause a denial of service crash via a multipart form datapost request with a missing part header name, which triggers a NULL pointer dereference...

FreeBSD : ModSecurity for Apache 2.x remote off-by-one overflow (c2e10368-77ab-11d8-b9e8-00e04ccb0a62)

When the directive 'SecFilterScanPost' is enabled, the Apache 2.x version of ModSecurity is vulnerable to an off-by-one overflow %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright...

[ISecAuditors Security Advisories] ModSecurity < 2.5.9 remote Denial of Service (DoS)

============================================= INTERNET SECURITY AUDITORS ALERT 2009-001 - Original release date: February 25th, 2009 - Last revised: March 19th, 2009 - Discovered by: Juan Galiana Lara - Severity: 7.8/10 CVSS Base Scored ============================================= I. VULNERABILI...

ModSecurity Denial Of Service

============================================= INTERNET SECURITY AUDITORS ALERT 2009-001 - Original release date: February 25th, 2009 - Last revised: March 19th, 2009 - Discovered by: Juan Galiana Lara - Severity: 7.8/10 CVSS Base Scored ============================================= I. VULNERABILI...

Breach Security ModSecurity for Apache DoS

Module hangs on incomplete HTTP POST multipart/form-data request...

ModSecurity < 2.5.9 Remote Denial of Service Vulnerability

No description provided by source. ============================================= INTERNET SECURITY AUDITORS ALERT 2009-001 - Original release date: February 25th, 2009 - Last revised: March 19th, 2009 - Discovered by: Juan Galiana Lara - Severity: 7.8/10 CVSS Base Scored...

ModSecurity 2.5.9 - Remote Denial of Service

ModSecurity 2.5.9 - Remote Denial of Service ============================================= INTERNET SECURITY AUDITORS ALERT 2009-001 - Original release date: February 25th, 2009 - Last revised: March 19th, 2009 - Discovered by: Juan Galiana Lara - Severity: 7.8/10 CVSS Base Scored...

ModSecurity < 2.5.9 Remote Denial of Service Vulnerability

Exploit for multiple platform in category dos / poc ========================================================== ModSecurity 2.5.9 Remote Denial of Service Vulnerability ========================================================== ============================================= INTERNET SECURITY AUDITO...