Vulnerability Description
ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Content-Disposition field of a request with a multipart/form-data Content-Type header.
CVSS Score
4.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Trustwave | Modsecurity | < 2.5.11 |
| Opensuse | Opensuse | 11.4 |
Related Weaknesses (CWE)
References
- http://blog.ivanristic.com/2012/06/modsecurity-and-modsecurity-core-rule-set-mul (Third Party Advisory)
- http://lists.opensuse.org/opensuse-updates/2013-08/msg00020.html (Mailing List, Third Party Advisory)
- http://lists.opensuse.org/opensuse-updates/2013-08/msg00025.html (Mailing List, Third Party Advisory)
- http://lists.opensuse.org/opensuse-updates/2013-08/msg00031.html (Mailing List, Third Party Advisory)
- http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/branches/2.6.x/CH (Broken Link)
- http://secunia.com/advisories/49576 (Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2012/06/22/1 (Mailing List, Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2012/06/22/2 (Mailing List, Third Party Advisory)
- http://www.securityfocus.com/bid/54156 (Third Party Advisory, VDB Entry)
- http://www.suspekt.org/downloads/POC2009-ShockingNewsInPHPExploitation.pdf (Third Party Advisory)
- https://www.modsecurity.org/fisheye/browse/modsecurity/m2/branches/2.5.x/apache2 (Broken Link)
FAQ
What is CVE-2009-5031?
CVE-2009-5031 is a vulnerability with a CVSS score of 4.3 (MEDIUM). ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site script...
How severe is CVE-2009-5031?
CVE-2009-5031 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-5031?
Check the references section above for vendor advisories and patch information. Affected products include: Trustwave Modsecurity, Opensuse Opensuse.