CVE-2012-4528

critical

Description

The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.

References

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20121017-0_mod_security_ruleset_bypass.txt

http://www.openwall.com/lists/oss-security/2012/10/18/14

http://lists.opensuse.org/opensuse-updates/2013-08/msg00031.html

http://lists.opensuse.org/opensuse-updates/2013-08/msg00025.html

http://lists.opensuse.org/opensuse-updates/2013-08/msg00020.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093011.html

Details

Source: Mitre, NVD

Published: 2012-12-28

Updated: 2021-02-12

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

Detections

Analytics