Lucene search
RootSSV:60308HistoryAug 03, 2012 - 12:00 a.m.
ModSecurity引号解析安全限制绕过漏洞(CVE-2012-2751)
2012-08-0300:00:00
Root
www.seebug.org
30
0.003 Low
EPSS
Percentile
63.4%
BUGTRAQ ID: 54156
CVE ID: CVE-2012-2751
mod_security是经常与PHP结合使用的Web应用防火墙。
ModSecurity 2.6.6之前版本结合PHP使用时,没有正确处理单引号,可允许远程攻击者通过带有multipart/form-data Content-Type标头的请求内Content-Disposition字段中的请求参数的单引号,绕过过滤规则并执行诸如XSS攻击。
0
Breach Security mod_security 2.x
厂商补丁:
Breach Security
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
Related
debian
debian
[SECURITY] [DSA 2506-1] libapache-mod-security security update
2012-07-02 20:32:31
openvas
openvas
Debian Security Advisory DSA 2506-1 (libapache-mod-security)
2012-08-10 00:00:00
Debian: Security Advisory (DSA-2506-1)
2012-08-10 00:00:00
Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
2012-12-26 00:00:00
nessus
nessus
Debian DSA-2506-1 : libapache-mod-security - ModSecurity bypass
2012-07-03 00:00:00
Mandriva Linux Security Advisory : apache-mod_security (MDVSA-2012:182)
2012-12-24 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 2506-1] libapache-mod-security security update
2012-07-09 00:00:00
Apache mod_security protection bypass
2012-07-09 00:00:00
debiancve
debiancve
CVE-2012-2751
2012-07-22 16:55:00
ubuntucve
ubuntucve
CVE-2012-2751
2012-07-22 00:00:00
prion
prion
Cross site scripting
2012-07-22 16:55:00
packetstorm
packetstorm
Parodia 6.8 SQL Injection
2012-06-25 00:00:00
cve
cve
CVE-2012-2751
2012-07-22 16:55:00
oracle
oracle
Oracle Critical Patch Update - April 2013
2013-04-16 00:00:00