Lucene search
Ubuntu.comUB:CVE-2009-1902HistoryJun 03, 2009 - 12:00 a.m.
CVE-2009-1902
2009-06-0300:00:00
ubuntu.com
ubuntu.com
4
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.036 Low
EPSS
Percentile
91.8%
The multipart processor in ModSecurity before 2.5.9 allows remote attackers
to cause a denial of service (crash) via a multipart form datapost request
with a missing part header name, which triggers a NULL pointer dereference.
Notes
| Author | Note |
|---|---|
| mdeslaur | PoC: http://www.milw0rm.com/exploits/8241 |
Related
cve
cve
CVE-2009-1902
2009-06-03 17:00:00
nvd
nvd
CVE-2009-1902
2009-06-03 17:00:00
nessus
nessus
ModSecurity < 2.5.9 Multipart Request Header Name DoS
2013-07-02 00:00:00
Fedora 10 : mod_security-2.5.9-1.fc10 (2009-2686)
2009-04-23 00:00:00
Fedora 9 : mod_security-2.5.9-1.fc9 (2009-2654)
2009-03-16 00:00:00
prion
prion
Null pointer dereference
2009-06-03 17:00:00
cvelist
cvelist
CVE-2009-1902
2009-06-03 16:33:00
openvas
openvas
Gentoo Security Advisory GLSA 200907-02 (mod_security)
2009-07-06 00:00:00
Fedora Core 10 FEDORA-2009-2686 (mod_security)
2009-03-20 00:00:00
Gentoo Security Advisory GLSA 200907-02 (mod_security)
2009-07-06 00:00:00
securityvulns
securityvulns
ModSecurity multiple security vulnerabilities
2009-07-03 00:00:00
[ GLSA 200907-02 ] ModSecurity: Denial of Service
2009-07-03 00:00:00
gentoo
gentoo
ModSecurity: Denial of service
2009-07-02 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.036 Low
EPSS
Percentile
91.8%
Related for UB:CVE-2009-1902