Ravens PHP Scripts

ModSecurity Two Denial of Service Vulnerabilities
Date: Thursday, March 12, 2009 @ 18:09:00 PDT
Topic: Security




SECUNIA ADVISORY ID: SA34256

VERIFY ADVISORY: http://secunia.com/advisories/34256/

DESCRIPTION: Two vulnerabilities have been reported in ModSecurity, which can be exploited by malicious people to cause a DoS (Denial of Service).




1) An error in the PDF XSS protection implementation can be exploited to cause a crash via a specially crafted HTTP request. Successful exploitation requires that PDF XSS protection is enabled (disabled by default).

2) An error when parsing multipart requests can be exploited to cause a crash via multipart content with a missing part header name.

SOLUTION: Update to version 2.5.9.
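
To check which of items 1 and 2 apply to a given install, the following added example (not part of the Secunia advisory or of ModSecurity) triages a version string and an Apache configuration. It assumes every release below 2.5.9 is affected, since the advisory names only the fixed version, and it relies on `SecPdfProtect`, the ModSecurity 2.x directive that switches PDF XSS protection on; the function names and the sample configuration are constructed for illustration.

```python
import re

FIXED = (2, 5, 9)  # fixed release named in the advisory

# SecPdfProtect On|Off enables PDF XSS protection in ModSecurity 2.x.
# Anchoring at line start skips commented-out lines; requiring whitespace
# after the name skips siblings such as SecPdfProtectMethod.
PDF_PROTECT = re.compile(r"^[ \t]*SecPdfProtect[ \t]+(\S+)",
                         re.IGNORECASE | re.MULTILINE)

# Constructed sample configuration, not taken from a real host.
SAMPLE_CONF = """\
SecRuleEngine On
#SecPdfProtect Off
<Location /docs>
    SecPdfProtect On
    SecPdfProtectMethod TokenRedirection
</Location>
"""

def parse_version(text):
    """'2.5.7' or '2.5.7-rc1' -> (2, 5, 7)."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError("unrecognised version: %r" % text)
    return tuple(int(part) for part in m.groups())

def pdf_protection_enabled(config_text):
    """True if any context turns SecPdfProtect on (conservative: one 'On' is enough)."""
    return any(m.group(1).strip("\"'").lower() == "on"
               for m in PDF_PROTECT.finditer(config_text))

def triage(version_text, config_text):
    """Return the advisory item numbers this install is exposed to."""
    if parse_version(version_text) >= FIXED:
        return []
    exposed = [2]  # item 2 (multipart parsing) lists no configuration precondition of its own
    if pdf_protection_enabled(config_text):
        exposed.insert(0, 1)  # item 1 applies only with PDF XSS protection enabled
    return exposed

if __name__ == "__main__":
    print(triage("2.5.7", SAMPLE_CONF))
```

An empty result means the install is already at or above 2.5.9; any other result calls for the update in the SOLUTION line.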

PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Steve Grubb, Red Hat
2) Internet Security Auditors

ORIGINAL ADVISORY:
http://www.modsecurity.org/
http://sourceforge.net/project/shownotes.php?release_id=667538
http://sourceforge.net/project/shownotes.php?release_id=667542






This article comes from Ravens PHP Scripts
http://www.ravenphpscripts.com

The URL for this story is:
http://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3572