CVE-2009-1902 - Computer security: vulnerabilities and exploits database

[EN] securityvulns.ru
no-pyccku

CVE CVE-2009-1902
Status Candidate
Description The multipart processor in ModSecurity before 2.5.9 allows remote attackers to cause a denial of service (crash) via a multipart form datapost request with a missing part header name, which triggers a NULL pointer dereference.
Severity High
CVSS score 7,8
CVSS vector (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Phase Assigned (15.07.2009)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1902
References BID : 34096
BUGTRAQ : 20090319 [ISecAuditors Security Advisories] ModSecurity < 2.5.9 remote Denial of Service
CONFIRM : http://sourceforge.net/project/shownotes.php?relea...
FEDORA : FEDORA-2009-2654
FEDORA : FEDORA-2009-2686
MILW0RM : 8241
OSVDB : 52553
SECUNIA : 34256
SECUNIA : 34311
SUSE : SUSE-SR:2009:011
VUPEN : ADV-2009-0703
XF : modsecurity-multipart-dos(49212)
SecurityVulns: ModSecurity multiple security vulnerabilities

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

test server