Vulnerabilities > CVE-2012-2751
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-5031.
Vulnerable Configurations
Nessus
NASL family | SuSE Local Security Checks |
NASL id | OPENSUSE-2013-641.NASL |
description | - complete overhaul of this package, with update to 2.7.5. - ruleset update to 2.2.8-0-g0f07cbb. - new configuration framework private to mod_security2: /etc/apache2/conf.d/mod_security2.conf loads /usr/share/apache2-mod_security2/rules/modsecurity_crs_10_setup.conf, then /etc/apache2/mod_security2.d/*.conf , as set up based on advice in /etc/apache2/conf.d/mod_security2.conf Your configuration starting point is /etc/apache2/conf.d/mod_security2.conf - !!! Please note that mod_unique_id is needed for mod_security2 to run! - modsecurity-apache_2.7.5-build_fix_pcre.diff changes erroneous linker parameter, preventing rpath in shared object. - fixes contained for the following bugs : - CVE-2009-5031, CVE-2012-2751 [bnc#768293] request parameter handling - [bnc#768293] multi-part bypass, minor threat - CVE-2013-1915 [bnc#813190] XML external entity vulnerability - CVE-2012-4528 [bnc#789393] rule bypass - CVE-2013-2765 [bnc#822664] NULL pointer dereference crash - new from 2.5.9 to 2.7.5, only major changes : - GPLv2 replaced by Apache License v2 - rules are not part of the source tarball any longer, but maintained upstream externally, and included in this package. - documentation was externalized to a wiki. Package contains the FAQ and the reference manual in html form. - renamed the term |
last seen | 2020-06-05 |
modified | 2014-06-13 |
plugin id | 75113 |
published | 2014-06-13 |
reporter | This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/75113 |
title | openSUSE Security Update : apache2-mod_security2 (openSUSE-SU-2013:1331-1) |
code

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2013-641.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(75113);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2009-5031", "CVE-2012-2751", "CVE-2012-4528", "CVE-2013-1915", "CVE-2013-2765");

  script_name(english:"openSUSE Security Update : apache2-mod_security2 (openSUSE-SU-2013:1331-1)");
  script_summary(english:"Check for the openSUSE-2013-641 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
" - complete overhaul of this package, with update to 2.7.5.
 - ruleset update to 2.2.8-0-g0f07cbb.
 - new configuration framework private to mod_security2: /etc/apache2/conf.d/mod_security2.conf loads /usr/share/apache2-mod_security2/rules/modsecurity_crs_1 0_setup.conf, then /etc/apache2/mod_security2.d/*.conf , as set up based on advice in /etc/apache2/conf.d/mod_security2.conf Your configuration starting point is /etc/apache2/conf.d/mod_security2.conf
 - !!! Please note that mod_unique_id is needed for mod_security2 to run!
 - modsecurity-apache_2.7.5-build_fix_pcre.diff changes erroneaous linker parameter, preventing rpath in shared object.
 - fixes contained for the following bugs :
 - CVE-2009-5031, CVE-2012-2751 [bnc#768293] request parameter handling
 - [bnc#768293] multi-part bypass, minor threat
 - CVE-2013-1915 [bnc#813190] XML external entity vulnerability
 - CVE-2012-4528 [bnc#789393] rule bypass
 - CVE-2013-2765 [bnc#822664] NULL pointer dereference crash
 - new from 2.5.9 to 2.7.5, only major changes :
 - GPLv2 replaced by Apache License v2
 - rules are not part of the source tarball any longer, but maintaned upstream externally, and included in this package.
 - documentation was externalized to a wiki. Package contains the FAQ and the reference manual in html form.
 - renamed the term 'Encryption' in directives that actually refer to hashes. See CHANGES file for more details.
 - new directive SecXmlExternalEntity, default off
 - byte conversion issues on s390x when logging fixed.
 - many small issues fixed that were discovered by a Coverity scanner
 - updated reference manual
 - wrong time calculation when logging for some timezones fixed.
 - replaced time-measuring mechanism with finer granularity for measured request/answer phases. (Stopwatch remains for compat.)
 - cookie parser memory leak fix
 - parsing of quoted strings in multipart Content-Disposition headers fixed.
 - SDBM deadlock fix
 - @rsub memory leak fix
 - cookie separator code improvements
 - build failure fixes
 - compile time option --enable-htaccess-config (set)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=768293"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=789393"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=813190"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=822664"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2013-08/msg00020.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected apache2-mod_security2 packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_security2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_security2-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_security2-debugsource");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/08/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE12.3", reference:"apache2-mod_security2-2.7.5-2.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"apache2-mod_security2-debuginfo-2.7.5-2.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"apache2-mod_security2-debugsource-2.7.5-2.4.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2-mod_security2 / apache2-mod_security2-debuginfo / etc");
}
```

NASL family | SuSE Local Security Checks |
NASL id | OPENSUSE-2013-640.NASL |
description | - complete overhaul of this package, with update to 2.7.5. - ruleset update to 2.2.8-0-g0f07cbb. - new configuration framework private to mod_security2: /etc/apache2/conf.d/mod_security2.conf loads /usr/share/apache2-mod_security2/rules/modsecurity_crs_10_setup.conf, then /etc/apache2/mod_security2.d/*.conf , as set up based on advice in /etc/apache2/conf.d/mod_security2.conf Your configuration starting point is /etc/apache2/conf.d/mod_security2.conf - !!! Please note that mod_unique_id is needed for mod_security2 to run! - modsecurity-apache_2.7.5-build_fix_pcre.diff changes erroneous linker parameter, preventing rpath in shared object. - fixes contained for the following bugs : - CVE-2009-5031, CVE-2012-2751 [bnc#768293] request parameter handling - [bnc#768293] multi-part bypass, minor threat - CVE-2013-1915 [bnc#813190] XML external entity vulnerability - CVE-2012-4528 [bnc#789393] rule bypass - CVE-2013-2765 [bnc#822664] NULL pointer dereference crash - new from 2.5.9 to 2.7.5, only major changes : - GPLv2 replaced by Apache License v2 - rules are not part of the source tarball any longer, but maintained upstream externally, and included in this package. - documentation was externalized to a wiki. Package contains the FAQ and the reference manual in html form. - renamed the term |
last seen | 2020-06-05 |
modified | 2014-06-13 |
plugin id | 75112 |
published | 2014-06-13 |
reporter | This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/75112 |
title | openSUSE Security Update : apache2-mod_security2 (openSUSE-SU-2013:1336-1) |
code

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2013-640.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(75112);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2009-5031", "CVE-2012-2751", "CVE-2012-4528", "CVE-2013-1915", "CVE-2013-2765");

  script_name(english:"openSUSE Security Update : apache2-mod_security2 (openSUSE-SU-2013:1336-1)");
  script_summary(english:"Check for the openSUSE-2013-640 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
" - complete overhaul of this package, with update to 2.7.5.
 - ruleset update to 2.2.8-0-g0f07cbb.
 - new configuration framework private to mod_security2: /etc/apache2/conf.d/mod_security2.conf loads /usr/share/apache2-mod_security2/rules/modsecurity_crs_1 0_setup.conf, then /etc/apache2/mod_security2.d/*.conf , as set up based on advice in /etc/apache2/conf.d/mod_security2.conf Your configuration starting point is /etc/apache2/conf.d/mod_security2.conf
 - !!! Please note that mod_unique_id is needed for mod_security2 to run!
 - modsecurity-apache_2.7.5-build_fix_pcre.diff changes erroneaous linker parameter, preventing rpath in shared object.
 - fixes contained for the following bugs :
 - CVE-2009-5031, CVE-2012-2751 [bnc#768293] request parameter handling
 - [bnc#768293] multi-part bypass, minor threat
 - CVE-2013-1915 [bnc#813190] XML external entity vulnerability
 - CVE-2012-4528 [bnc#789393] rule bypass
 - CVE-2013-2765 [bnc#822664] NULL pointer dereference crash
 - new from 2.5.9 to 2.7.5, only major changes :
 - GPLv2 replaced by Apache License v2
 - rules are not part of the source tarball any longer, but maintaned upstream externally, and included in this package.
 - documentation was externalized to a wiki. Package contains the FAQ and the reference manual in html form.
 - renamed the term 'Encryption' in directives that actually refer to hashes. See CHANGES file for more details.
 - new directive SecXmlExternalEntity, default off
 - byte conversion issues on s390x when logging fixed.
 - many small issues fixed that were discovered by a Coverity scanner
 - updated reference manual
 - wrong time calculation when logging for some timezones fixed.
 - replaced time-measuring mechanism with finer granularity for measured request/answer phases. (Stopwatch remains for compat.)
 - cookie parser memory leak fix
 - parsing of quoted strings in multipart Content-Disposition headers fixed.
 - SDBM deadlock fix
 - @rsub memory leak fix
 - cookie separator code improvements
 - build failure fixes
 - compile time option --enable-htaccess-config (set)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=768293"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=789393"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=813190"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=822664"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2013-08/msg00025.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected apache2-mod_security2 packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_security2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_security2-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_security2-debugsource");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/08/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE12.2", reference:"apache2-mod_security2-2.7.5-14.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"apache2-mod_security2-debuginfo-2.7.5-14.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"apache2-mod_security2-debugsource-2.7.5-14.4.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2-mod_security2 / apache2-mod_security2-debuginfo / etc");
}
```

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-2506.NASL |
description | Qualys Vulnerability & Malware Research Labs discovered a vulnerability in ModSecurity, a security module for the Apache webserver. In situations where both |
last seen | 2020-03-17 |
modified | 2012-07-03 |
plugin id | 59825 |
published | 2012-07-03 |
reporter | This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/59825 |
title | Debian DSA-2506-1 : libapache-mod-security - ModSecurity bypass |
code

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-2506. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(59825);
  script_version("1.13");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2012-2751");
  script_bugtraq_id(54156);
  script_xref(name:"DSA", value:"2506");

  script_name(english:"Debian DSA-2506-1 : libapache-mod-security - ModSecurity bypass");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Qualys Vulnerability & Malware Research Labs discovered a
vulnerability in ModSecurity, a security module for the Apache
webserver. In situations where both 'Content:Disposition: attachment'
and 'Content-Type: multipart' were present in HTTP headers, the
vulnerability could allow an attacker to bypass policy and execute
cross-site script (XSS) attacks through properly crafted HTML
documents."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=678529"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/squeeze/libapache-mod-security"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2012/dsa-2506"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Upgrade the libapache-mod-security packages.

For the stable distribution (squeeze), this problem has been fixed in
version 2.5.12-1+squeeze1.

In testing and unstable distribution, the source package has been
renamed to modsecurity-apache."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libapache-mod-security");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/07/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/07/03");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (deb_check(release:"6.0", prefix:"libapache-mod-security", reference:"2.5.12-1+squeeze1")) flag++;
if (deb_check(release:"6.0", prefix:"mod-security-common", reference:"2.5.12-1+squeeze1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS11_MODSECURITY_20140731.NASL |
description | The remote Solaris system is missing necessary patches to address security updates : - ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-5031. (CVE-2012-2751) - ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability. (CVE-2013-1915) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 80704 |
published | 2015-01-19 |
reporter | This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/80704 |
title | Oracle Solaris Third-Party Patch Update : modsecurity (cve_2012_2751_improper_input) |

NASL family | Mandriva Local Security Checks |
NASL id | MANDRIVA_MDVSA-2012-182.NASL |
description | Multiple vulnerabilities have been discovered and corrected in apache-mod_security : ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-5031 (CVE-2012-2751). ModSecurity <= 2.6.8 is vulnerable to multipart/invalid part ruleset bypass, this was fixed in 2.7.0 (released on 2012-10-16) (CVE-2012-4528). The updated packages have been patched to correct these issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 63331 |
published | 2012-12-24 |
reporter | This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/63331 |
title | Mandriva Linux Security Advisory : apache-mod_security (MDVSA-2012:182) |
Packetstorm
data source | https://packetstormsecurity.com/files/download/114153/parodia-sql.txt |
id | PACKETSTORM:114153 |
last seen | 2016-12-05 |
published | 2012-06-25 |
reporter | Carlos Mario Penagos Hollmann |
source | https://packetstormsecurity.com/files/114153/Parodia-6.8-SQL-Injection.html |
title | Parodia 6.8 SQL Injection |
Seebug
bulletinFamily | exploit |
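description | BUGTRAQ ID: 54156 CVE ID: CVE-2012-2751 mod_security is a web application firewall that is often used together with PHP. ModSecurity versions before 2.6.6, when used with PHP, do not properly handle single quotes, which can allow remote attackers to bypass filtering rules and carry out attacks such as XSS via single quotes in a request parameter in the Content-Disposition field of a request with a multipart/form-data Content-Type header. Breach Security mod_security 2.x Vendor patch: Breach Security: the vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www.modsecurity.org/index.php |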
id | SSV:60308 |
last seen | 2017-11-19 |
modified | 2012-08-03 |
published | 2012-08-03 |
reporter | Root |
title | ModSecurity Quote Parsing Security Restriction Bypass Vulnerability (CVE-2012-2751) |
References
- http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/trunk/CHANGES?r1=1920&r2=1919&pathrev=1920
- http://www.securityfocus.com/bid/54156
- http://secunia.com/advisories/49576
- http://blog.ivanristic.com/2012/06/modsecurity-and-modsecurity-core-rule-set-multipart-bypasses.html
- http://www.openwall.com/lists/oss-security/2012/06/22/2
- http://www.debian.org/security/2012/dsa-2506
- http://secunia.com/advisories/49782
- http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/trunk/apache2/msc_multipart.c?r1=1918&r2=1917&pathrev=1918
- http://www.openwall.com/lists/oss-security/2012/06/22/1
- http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/branches/2.6.x/CHANGES
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:118
- http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
- http://lists.opensuse.org/opensuse-updates/2013-08/msg00020.html
- http://lists.opensuse.org/opensuse-updates/2013-08/msg00025.html
- http://lists.opensuse.org/opensuse-updates/2013-08/msg00031.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:150