Oval Definition:oval:org.mitre.oval:def:14855
Revision Date:2012-12-17Version:6
Title:ModSecurity bypass vulnerability (CVE-2012-2751)
Description:ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-5031
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2012-2751
Platform(s):Ubuntu 10.04
Ubuntu 11.04
Ubuntu 11.10
Ubuntu 12.04
Product(s):Modsecurity
Definition Synopsis
  • tbd
  • modsecurity-apache package is installed
  • AND tbd
  • tbd
  • Ubuntu 11.10 is installed
  • AND libapache-mod-security version check
  • OR tbd
  • Ubuntu 12.04 is installed
  • AND libapache-mod-security version check
  • OR tbd
  • libapache-mod-security package is installed
  • AND tbd
  • tbd
  • Ubuntu 11.10 is installed
  • AND libapache-mod-security version check
  • OR tbd
  • Ubuntu 11.04 is installed
  • AND libapache-mod-security version check
  • OR tbd
  • Ubuntu 10.04 is installed
  • AND libapache-mod-security version check
    • BACK