CVE-2012-2751

CVSS: 0.0 - NONE

  • Attack vector: UNKNOWN
  • Attack complexity: UNKNOWN
  • Privileges required: UNKNOWN
  • Confidentiality impact: UNKNOWN
  • Integrity impact: UNKNOWN
  • Availability impact: UNKNOWN

Summary

ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-5031.

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2013-641.NASL
    description: - complete overhaul of this package, with update to 2.7.5. - ruleset update to 2.2.8-0-g0f07cbb. - new configuration framework private to mod_security2: /etc/apache2/conf.d/mod_security2.conf loads /usr/share/apache2-mod_security2/rules/modsecurity_crs_10_setup.conf, then /etc/apache2/mod_security2.d/*.conf , as set up based on advice in /etc/apache2/conf.d/mod_security2.conf Your configuration starting point is /etc/apache2/conf.d/mod_security2.conf - !!! Please note that mod_unique_id is needed for mod_security2 to run! - modsecurity-apache_2.7.5-build_fix_pcre.diff changes erroneous linker parameter, preventing rpath in shared object. - fixes contained for the following bugs : - CVE-2009-5031, CVE-2012-2751 [bnc#768293] request parameter handling - [bnc#768293] multi-part bypass, minor threat - CVE-2013-1915 [bnc#813190] XML external entity vulnerability - CVE-2012-4528 [bnc#789393] rule bypass - CVE-2013-2765 [bnc#822664] NULL pointer dereference crash - new from 2.5.9 to 2.7.5, only major changes : - GPLv2 replaced by Apache License v2 - rules are not part of the source tarball any longer, but maintained upstream externally, and included in this package. - documentation was externalized to a wiki. Package contains the FAQ and the reference manual in html form. - renamed the term
    last seen: 2020-06-05
    modified: 2014-06-13
    plugin id: 75113
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/75113
    title: openSUSE Security Update : apache2-mod_security2 (openSUSE-SU-2013:1331-1)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2013-641.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(75113);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2009-5031", "CVE-2012-2751", "CVE-2012-4528", "CVE-2013-1915", "CVE-2013-2765");
    
      script_name(english:"openSUSE Security Update : apache2-mod_security2 (openSUSE-SU-2013:1331-1)");
      script_summary(english:"Check for the openSUSE-2013-641 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - complete overhaul of this package, with update to 2.7.5.
    
      - ruleset update to 2.2.8-0-g0f07cbb.
    
      - new configuration framework private to mod_security2:
        /etc/apache2/conf.d/mod_security2.conf loads
        /usr/share/apache2-mod_security2/rules/modsecurity_crs_1
        0_setup.conf, then /etc/apache2/mod_security2.d/*.conf ,
        as set up based on advice in
        /etc/apache2/conf.d/mod_security2.conf Your
        configuration starting point is
        /etc/apache2/conf.d/mod_security2.conf
    
      - !!! Please note that mod_unique_id is needed for
        mod_security2 to run!
    
      - modsecurity-apache_2.7.5-build_fix_pcre.diff changes
        erroneaous linker parameter, preventing rpath in shared
        object.
    
      - fixes contained for the following bugs :
    
      - CVE-2009-5031, CVE-2012-2751 [bnc#768293] request
        parameter handling
    
      - [bnc#768293] multi-part bypass, minor threat
    
      - CVE-2013-1915 [bnc#813190] XML external entity
        vulnerability
    
      - CVE-2012-4528 [bnc#789393] rule bypass
    
      - CVE-2013-2765 [bnc#822664] NULL pointer dereference
        crash
    
      - new from 2.5.9 to 2.7.5, only major changes :
    
      - GPLv2 replaced by Apache License v2
    
      - rules are not part of the source tarball any longer, but
        maintaned upstream externally, and included in this
        package.
    
      - documentation was externalized to a wiki. Package
        contains the FAQ and the reference manual in html form.
    
      - renamed the term 'Encryption' in directives that
        actually refer to hashes. See CHANGES file for more
        details.
    
      - new directive SecXmlExternalEntity, default off
    
      - byte conversion issues on s390x when logging fixed.
    
      - many small issues fixed that were discovered by a
        Coverity scanner
    
      - updated reference manual
    
      - wrong time calculation when logging for some timezones
        fixed.
    
      - replaced time-measuring mechanism with finer granularity
        for measured request/answer phases. (Stopwatch remains
        for compat.)
    
      - cookie parser memory leak fix
    
      - parsing of quoted strings in multipart
        Content-Disposition headers fixed.
    
      - SDBM deadlock fix
    
      - @rsub memory leak fix
    
      - cookie separator code improvements
    
      - build failure fixes
    
      - compile time option --enable-htaccess-config (set)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=768293"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=789393"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=813190"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=822664"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2013-08/msg00020.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected apache2-mod_security2 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_security2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_security2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_security2-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/08/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE12\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE12.3", reference:"apache2-mod_security2-2.7.5-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"apache2-mod_security2-debuginfo-2.7.5-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"apache2-mod_security2-debugsource-2.7.5-2.4.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2-mod_security2 / apache2-mod_security2-debuginfo / etc");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2013-640.NASL
    description: - complete overhaul of this package, with update to 2.7.5. - ruleset update to 2.2.8-0-g0f07cbb. - new configuration framework private to mod_security2: /etc/apache2/conf.d/mod_security2.conf loads /usr/share/apache2-mod_security2/rules/modsecurity_crs_10_setup.conf, then /etc/apache2/mod_security2.d/*.conf , as set up based on advice in /etc/apache2/conf.d/mod_security2.conf Your configuration starting point is /etc/apache2/conf.d/mod_security2.conf - !!! Please note that mod_unique_id is needed for mod_security2 to run! - modsecurity-apache_2.7.5-build_fix_pcre.diff changes erroneous linker parameter, preventing rpath in shared object. - fixes contained for the following bugs : - CVE-2009-5031, CVE-2012-2751 [bnc#768293] request parameter handling - [bnc#768293] multi-part bypass, minor threat - CVE-2013-1915 [bnc#813190] XML external entity vulnerability - CVE-2012-4528 [bnc#789393] rule bypass - CVE-2013-2765 [bnc#822664] NULL pointer dereference crash - new from 2.5.9 to 2.7.5, only major changes : - GPLv2 replaced by Apache License v2 - rules are not part of the source tarball any longer, but maintained upstream externally, and included in this package. - documentation was externalized to a wiki. Package contains the FAQ and the reference manual in html form. - renamed the term
    last seen: 2020-06-05
    modified: 2014-06-13
    plugin id: 75112
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/75112
    title: openSUSE Security Update : apache2-mod_security2 (openSUSE-SU-2013:1336-1)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2013-640.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(75112);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2009-5031", "CVE-2012-2751", "CVE-2012-4528", "CVE-2013-1915", "CVE-2013-2765");
    
      script_name(english:"openSUSE Security Update : apache2-mod_security2 (openSUSE-SU-2013:1336-1)");
      script_summary(english:"Check for the openSUSE-2013-640 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - complete overhaul of this package, with update to 2.7.5.
    
      - ruleset update to 2.2.8-0-g0f07cbb. 
    
      - new configuration framework private to mod_security2:
        /etc/apache2/conf.d/mod_security2.conf loads
        /usr/share/apache2-mod_security2/rules/modsecurity_crs_1
        0_setup.conf, then /etc/apache2/mod_security2.d/*.conf ,
        as set up based on advice in
        /etc/apache2/conf.d/mod_security2.conf Your
        configuration starting point is
        /etc/apache2/conf.d/mod_security2.conf
    
      - !!! Please note that mod_unique_id is needed for
        mod_security2 to run!
    
      - modsecurity-apache_2.7.5-build_fix_pcre.diff changes
        erroneaous linker parameter, preventing rpath in shared
        object.
    
      - fixes contained for the following bugs :
    
      - CVE-2009-5031, CVE-2012-2751 [bnc#768293] request
        parameter handling
    
      - [bnc#768293] multi-part bypass, minor threat
    
      - CVE-2013-1915 [bnc#813190] XML external entity
        vulnerability
    
      - CVE-2012-4528 [bnc#789393] rule bypass
    
      - CVE-2013-2765 [bnc#822664] NULL pointer dereference
        crash
    
      - new from 2.5.9 to 2.7.5, only major changes :
    
      - GPLv2 replaced by Apache License v2
    
      - rules are not part of the source tarball any longer, but
        maintaned upstream externally, and included in this
        package.
    
      - documentation was externalized to a wiki. Package
        contains the FAQ and the reference manual in html form.
    
      - renamed the term 'Encryption' in directives that
        actually refer to hashes. See CHANGES file for more
        details.
    
      - new directive SecXmlExternalEntity, default off
    
      - byte conversion issues on s390x when logging fixed.
    
      - many small issues fixed that were discovered by a
        Coverity scanner
    
      - updated reference manual
    
      - wrong time calculation when logging for some timezones
        fixed.
    
      - replaced time-measuring mechanism with finer granularity
        for measured request/answer phases. (Stopwatch remains
        for compat.)
    
      - cookie parser memory leak fix
    
      - parsing of quoted strings in multipart
        Content-Disposition headers fixed.
    
      - SDBM deadlock fix
    
      - @rsub memory leak fix
    
      - cookie separator code improvements
    
      - build failure fixes
    
      - compile time option --enable-htaccess-config (set)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=768293"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=789393"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=813190"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=822664"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2013-08/msg00025.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected apache2-mod_security2 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_security2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_security2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_security2-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/08/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE12\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE12.2", reference:"apache2-mod_security2-2.7.5-14.4.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"apache2-mod_security2-debuginfo-2.7.5-14.4.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"apache2-mod_security2-debugsource-2.7.5-14.4.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2-mod_security2 / apache2-mod_security2-debuginfo / etc");
    }
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-2506.NASL
    description: Qualys Vulnerability & Malware Research Labs discovered a vulnerability in ModSecurity, a security module for the Apache webserver. In situations where both
    last seen: 2020-03-17
    modified: 2012-07-03
    plugin id: 59825
    published: 2012-07-03
    reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/59825
    title: Debian DSA-2506-1 : libapache-mod-security - ModSecurity bypass
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-2506. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(59825);
      script_version("1.13");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2012-2751");
      script_bugtraq_id(54156);
      script_xref(name:"DSA", value:"2506");
    
      script_name(english:"Debian DSA-2506-1 : libapache-mod-security - ModSecurity bypass");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Qualys Vulnerability & Malware Research Labs discovered a
    vulnerability in ModSecurity, a security module for the Apache
    webserver. In situations where both 'Content:Disposition: attachment'
    and 'Content-Type: multipart' were present in HTTP headers, the
    vulnerability could allow an attacker to bypass policy and execute
    cross-site script (XSS) attacks through properly crafted HTML
    documents."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=678529"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/squeeze/libapache-mod-security"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2012/dsa-2506"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the libapache-mod-security packages.
    
    For the stable distribution (squeeze), this problem has been fixed in
    version 2.5.12-1+squeeze1.
    
    In testing and unstable distribution, the source package has been
    renamed to modsecurity-apache."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libapache-mod-security");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/07/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/07/03");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"6.0", prefix:"libapache-mod-security", reference:"2.5.12-1+squeeze1")) flag++;
    if (deb_check(release:"6.0", prefix:"mod-security-common", reference:"2.5.12-1+squeeze1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS11_MODSECURITY_20140731.NASL
    description: The remote Solaris system is missing necessary patches to address security updates : - ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-5031. (CVE-2012-2751) - ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability. (CVE-2013-1915)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 80704
    published: 2015-01-19
    reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/80704
    title: Oracle Solaris Third-Party Patch Update : modsecurity (cve_2012_2751_improper_input)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2012-182.NASL
    description: Multiple vulnerabilities have been discovered and corrected in apache-mod_security : ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-5031 (CVE-2012-2751). ModSecurity <= 2.6.8 is vulnerable to multipart/invalid part ruleset bypass, this was fixed in 2.7.0 (released on 2012-10-16) (CVE-2012-4528). The updated packages have been patched to correct these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 63331
    published: 2012-12-24
    reporter: This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/63331
    title: Mandriva Linux Security Advisory : apache-mod_security (MDVSA-2012:182)

Packetstorm

data source: https://packetstormsecurity.com/files/download/114153/parodia-sql.txt
id: PACKETSTORM:114153
last seen: 2016-12-05
published: 2012-06-25
reporter: Carlos Mario Penagos Hollmann
source: https://packetstormsecurity.com/files/114153/Parodia-6.8-SQL-Injection.html
title: Parodia 6.8 SQL Injection

Seebug

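bulletinFamily: exploit
description: BUGTRAQ ID: 54156 CVE ID: CVE-2012-2751 mod_security is a web application firewall that is often used together with PHP. ModSecurity versions before 2.6.6, when used with PHP, do not properly handle single quotes, which allows remote attackers to bypass filtering rules and perform attacks such as XSS via single quotes in a request parameter in the Content-Disposition field of a request with a multipart/form-data Content-Type header. Breach Security mod_security 2.x Vendor patch: Breach Security: The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: http://www.modsecurity.org/index.php
id: SSV:60308
last seen: 2017-11-19
modified: 2012-08-03
published: 2012-08-03
reporter: Root
title: ModSecurity Quote Parsing Security Restriction Bypass Vulnerability (CVE-2012-2751)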