Detections
Analytics
ModSecurity < 2.7.0 Multipart Request Parsing Filter Bypass
medium Nessus Plugin ID 67126
Language:
Synopsis
The remote web application firewall may be affected by a security bypass vulnerability.Description
According to its banner, the version of ModSecurity installed on the remote host is earlier than 2.7.0. It is, therefore, potentially affected by a security bypass vulnerability. An error exists related to HTTP POST requests and 'Content-Disposition' headers containing extra lines that could allow a remote attacker to bypass certain filters and carry out attacks.Note that Nessus has not tested for this issue but has instead relied only on the version in the server's banner.
Solution
Upgrade to ModSecurity version 2.7.0 or later.See Also
https://seclists.org/fulldisclosure/2012/Oct/113
https://github.com/SpiderLabs/ModSecurity/blob/master/CHANGES
Plugin Details
Severity: Medium
ID: 67126
File Name: modsecurity_2_7_0.nasl
Version: 1.10
Type: remote
Family: Firewalls
Published: 7/2/2013
Updated: 4/11/2022
Configuration: Enable paranoid mode, Enable thorough checks
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.2
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.9
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS Score Source: CVE-2012-4528
Vulnerability Information
CPE: cpe:/a:modsecurity:modsecurity
Required KB Items: Settings/ParanoidReport, www/ModSecurity
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 10/15/2013
Vulnerability Publication Date: 10/15/2012
Reference Information
CVE: CVE-2012-4528
BID: 56096