CVE-2009-5031

2012-07-2216:55:17

Debian Security Bug Tracker

security-tracker.debian.org

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

68.2%

JSON

ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Content-Disposition field of a request with a multipart/form-data Content-Type header.

OSVersionArchitecturePackageVersionFilename
Debian12allmodsecurity-apache< 2.9.7-1modsecurity-apache_2.9.7-1_all.deb
Debian11allmodsecurity-apache< 2.9.3-3+deb11u2modsecurity-apache_2.9.3-3+deb11u2_all.deb
Debian999allmodsecurity-apache< 2.9.7-1modsecurity-apache_2.9.7-1_all.deb
Debian13allmodsecurity-apache< 2.9.7-1modsecurity-apache_2.9.7-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	modsecurity-apache	< 2.9.7-1	modsecurity-apache_2.9.7-1_all.deb
Debian	11	all	modsecurity-apache	< 2.9.3-3+deb11u2	modsecurity-apache_2.9.3-3+deb11u2_all.deb
Debian	999	all	modsecurity-apache	< 2.9.7-1	modsecurity-apache_2.9.7-1_all.deb
Debian	13	all	modsecurity-apache	< 2.9.7-1	modsecurity-apache_2.9.7-1_all.deb