Weekly edition	Kernel	Security	Distributions	Contact Us	Search
Archives	Calendar	Subscribe	Write for LWN	LWN.net FAQ	Sponsors

mod_security: multipart/invalid part ruleset bypass

Package(s):

mod_security

CVE #(s):

CVE-2012-4528

Created:

December 3, 2012

Updated:

April 5, 2013

Description:

From the Red Hat bugzilla:

ModSecurity <= 2.6.8 is vulnerable to multipart/invalid part ruleset bypass, this was fixed in 2.7.0 (released on2012-10-16)

Alerts:

Fedora	FEDORA-2012-18315	2012-12-01
Fedora	FEDORA-2012-18315	2012-12-01
Mandriva	MDVSA-2012:182	2012-12-23
Mandriva	MDVSA-2012:183	2012-12-23
Mageia	MGASA-2012-0371	2012-12-31
Mandriva	MDVSA-2013:016	2013-04-04
Mandriva	MDVSA-2013:029	2013-04-05

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds