5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.036 Low
EPSS
Percentile
91.8%
The multipart processor in ModSecurity before 2.5.9 allows remote attackers
to cause a denial of service (crash) via a multipart form datapost request
with a missing part header name, which triggers a NULL pointer dereference.
Author | Note |
---|---|
mdeslaur | PoC: http://www.milw0rm.com/exploits/8241 |