mod_security: denial of service

Package(s): mod_security
CVE #(s): CVE-2009-1902 CVE-2009-1903
Created: July 3, 2009
Updated: July 31, 2009
Description: From the Gentoo advisory: Multiple vulnerabilities were discovered in ModSecurity:

* Juan Galiana Lara of ISecAuditors discovered a NULL pointer dereference when processing multipart requests without a part header name (CVE-2009-1902).

* Steve Grubb of Red Hat reported that the "PDF XSS protection" feature does not properly handle HTTP requests to a PDF file that do not use the GET method (CVE-2009-1903).

Alerts:
Mandriva MDVSA-2009:184 2009-07-31
Mandriva MDVSA-2009:183 2009-07-31
Gentoo 200907-02 2009-07-02

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds