Vulnerability in Oracle Http_server
CVE-2012-2751
ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allo…
EPSS: 0.019 (83.8th percentile)
Affected products
- Oracle Http_server — versions 11.1.1.6.0
- Trustwave Modsecurity
- Debian Debian_linux — versions 6.0, 7.0
- Opensuse — versions 11.4, 12.2, 12.3
References
- openSUSE-SU-2013:1342 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- 54156 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
- DSA-2506 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
- openSUSE-SU-2013:1331 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- secalert@redhat.com (x_refsource_CONFIRM, Broken Link)
- 49782 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
- secalert@redhat.com (Third Party Advisory, x_refsource_MISC)
- [oss-security] 20120621 Re: mod_security CVE request (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)