ModSecurity Multiple Remote Denial Of Service Vulnerabilities Network Vulnerability

Summary

This host is running ModSecurity and is prone to Denial of Service Vulnerabilities.

Impact

Successful exploitation could allow remote attackers to cause denial of service.

Solution

Upgrade to version 2.5.9 or later. http://www.modsecurity.org/download/

Insight

The multiple flaws are due to, - An error in the PDF XSS protection implementation which can be exploited to cause a crash via a specially crafted HTTP request. - NULL pointer dereference error when parsing multipart requests can be exploited to cause a crash via multipart content with a missing part header name.

Affected

ModSecurity version prior to 2.5.9 on Linux.

References

http://secunia.com/advisories/34256
http://www.vupen.com/english/advisories/2009/0703

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-1902, CVE-2009-1903

CVSS	Base Score: 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C

Related Vulnerabilities

IBM WebSphere Application Server WS-Security Policy Unspecified vulnerability
Apache Multiple Security Vulnerabilities
Weborf 'get_param_value()' Function HTTP Header Handling Denial Of Service Vulnerability
IIS Remote Command Execution
nginx Arbitrary Code Execution Vulnerability

ModSecurity Multiple Remote Denial of Service Vulnerabilities

Take action and discover your vulnerabilities