Launchpad.net

CVE 2012-2751

ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-5031.

Related bugs and status

CVE-2012-2751 (Candidate) is related to these bugs:

Bug #1016909: (CVE-2009-5031) <modsecurity-apache-2.6.6 : Multipart Quote Parsing Security Bypass Vulnerability (CVE-2009-5031 CVE-2012-2751)

		In	Importance	Status
1016909	(CVE-2009-5031) <modsecurity-apache-2.6.6 : Multipart Quote Parsing Security Bypass Vulnerability (CVE-2009-5031 CVE-2012-2751)	modsecurity-apache (Ubuntu)	Undecided	Invalid
1016909	(CVE-2009-5031) <modsecurity-apache-2.6.6 : Multipart Quote Parsing Security Bypass Vulnerability (CVE-2009-5031 CVE-2012-2751)	modsecurity-apache (Debian)	Unknown	Fix Released
1016909	(CVE-2009-5031) <modsecurity-apache-2.6.6 : Multipart Quote Parsing Security Bypass Vulnerability (CVE-2009-5031 CVE-2012-2751)	libapache-mod-security (Ubuntu)	Undecided	Invalid
1016909	(CVE-2009-5031) <modsecurity-apache-2.6.6 : Multipart Quote Parsing Security Bypass Vulnerability (CVE-2009-5031 CVE-2012-2751)	libapache-mod-security (Debian)	Unknown	Fix Released

Bug #1169030: CVE 2013-1915: local files disclosure or resource exhaustion via XML External Entity attack

		In	Importance	Status
1169030	CVE 2013-1915: local files disclosure or resource exhaustion via XML External Entity attack	modsecurity-apache (Ubuntu)	Medium	Fix Released
1169030	CVE 2013-1915: local files disclosure or resource exhaustion via XML External Entity attack	libapache-mod-security (Ubuntu)	Undecided	Invalid
1169030	CVE 2013-1915: local files disclosure or resource exhaustion via XML External Entity attack	libapache-mod-security (Ubuntu Precise)	Undecided	Invalid
1169030	CVE 2013-1915: local files disclosure or resource exhaustion via XML External Entity attack	modsecurity-apache (Ubuntu Precise)	Medium	Won't Fix
1169030	CVE 2013-1915: local files disclosure or resource exhaustion via XML External Entity attack	libapache-mod-security (Ubuntu Quantal)	Undecided	Invalid
1169030	CVE 2013-1915: local files disclosure or resource exhaustion via XML External Entity attack	modsecurity-apache (Ubuntu Quantal)	Medium	Won't Fix
1169030	CVE 2013-1915: local files disclosure or resource exhaustion via XML External Entity attack	libapache-mod-security (Ubuntu Raring)	Undecided	Invalid
1169030	CVE 2013-1915: local files disclosure or resource exhaustion via XML External Entity attack	modsecurity-apache (Ubuntu Raring)	Medium	Fix Released
1169030	CVE 2013-1915: local files disclosure or resource exhaustion via XML External Entity attack	libapache-mod-security (Ubuntu Saucy)	Undecided	Invalid
1169030	CVE 2013-1915: local files disclosure or resource exhaustion via XML External Entity attack	modsecurity-apache (Ubuntu Saucy)	Medium	Fix Released
1169030	CVE 2013-1915: local files disclosure or resource exhaustion via XML External Entity attack	libapache-mod-security (Ubuntu Lucid)	Medium	Fix Released
1169030	CVE 2013-1915: local files disclosure or resource exhaustion via XML External Entity attack	modsecurity-apache (Ubuntu Lucid)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-2751

Related bugs and status

Related bugs

References