V-005: ModSecurity Multipart Message Parsing Security Bypass Vulnerability

October 18, 2012 - 6:00am

PROBLEM:

ModSecurity Multipart Message Parsing Security Bypass Vulnerability

PLATFORM:

ModSecurity versions prior to 2.70

ABSTRACT:

SEC Consult has reported a vulnerability in ModSecurity, which can be exploited by malicious people to bypass certain security restrictions.

REFERENCE LINKS:

SEC Consult
Secunia Advisory SA49853

IMPACT ASSESSMENT:

Medium

DISCUSSION:

The vulnerability is caused by an error when parsing multipart requests and can be exploited to bypass certain filtering rules.

IMPACT:

Remote Security Bypass

SOLUTION:

Update to version 2.70
