ModSecurity Two Denial of Service Vulnerabilities

Posted on Thursday, March 12, 2009 @ 17:09:00 PDT in Security
by Raven

HorrorCode writes:  


SECUNIA ADVISORY ID: SA34256

VERIFY ADVISORY: http://secunia.com/advisories/34256/

DESCRIPTION: Two vulnerabilities have been reported in ModSecurity, which can be exploited by malicious people to cause a DoS (Denial of Service). Successful exploitation requires that PDF XSS protection is enabled (disabled by default).


1) An error in the PDF XSS protection implementation can be exploited to cause a crash via a specially crafted HTTP request. Successful exploitation requires that PDF XSS protection is enabled (disabled by default).

2) An error when parsing multipart requests can be exploited to cause a crash via multipart content with a missing part header name.

SOLUTION: Update to version 2.5.9.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Steve Grubb, Red Hat
2) Internet Security Auditors

ORIGINAL ADVISORY:
http://www.modsecurity.org/
http://sourceforge.net/project/shownotes.php?release_id=667538
http://sourceforge.net/project/shownotes.php?release_id=667542
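
Item 2 concerns multipart content with a missing part header name. The C below is an added example, not ModSecurity's code and not a reconstruction of the reported flaw: it shows a part-header parser that treats a missing name as a parse error instead of handing an unset name to later code. The names parse_part_header, hdr_status and HDR_NAME_MAX are hypothetical, and the sample lines in main are constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Result codes for one part-header line (hypothetical names). */
enum hdr_status { HDR_OK = 0, HDR_NO_COLON, HDR_EMPTY_NAME, HDR_BAD_NAME, HDR_TOO_LONG };
#define HDR_NAME_MAX 64

/* RFC 7230 "tchar": characters allowed in a header field name. */
static int is_token_char(unsigned char c)
{
    return isalnum(c) || (c != '\0' && strchr("!#$%&'*+-.^_`|~", c) != NULL);
}

/*
 * Split "Name: value" taken from a multipart part header line.
 * On HDR_OK, name_out holds the NUL-terminated name and *value_out points
 * at the value inside line. On any error the outputs are an empty name and
 * a NULL value, and the caller is expected to reject the request.
 */
enum hdr_status parse_part_header(const char *line, char name_out[HDR_NAME_MAX],
                                  const char **value_out)
{
    name_out[0] = '\0';
    *value_out = NULL;
    if (line == NULL) return HDR_NO_COLON;
    const char *colon = strchr(line, ':');
    if (colon == NULL) return HDR_NO_COLON;
    size_t len = (size_t)(colon - line);
    if (len == 0) return HDR_EMPTY_NAME;          /* nothing before the colon */
    if (len >= HDR_NAME_MAX) return HDR_TOO_LONG; /* would not fit with the NUL */
    for (size_t i = 0; i < len; i++)
        if (!is_token_char((unsigned char)line[i])) return HDR_BAD_NAME;
    memcpy(name_out, line, len);
    name_out[len] = '\0';
    for (colon++; *colon == ' ' || *colon == '\t'; colon++) { }
    *value_out = colon;
    return HDR_OK;
}

int main(void)
{
    /* Constructed sample lines: one well-formed, two without a usable name. */
    const char *samples[] = { "Content-Disposition: form-data", ": form-data", "no colon here" };
    char name[HDR_NAME_MAX]; const char *value;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-32s -> status %d\n", samples[i], parse_part_header(samples[i], name, &value));
    return 0;
}
```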
 
 