Home > Vulnerability Database > CVE-2012-2751

Mend.io Vulnerability Database

CVE-2012-2751

Good to know:

Date: July 22, 2012

ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-5031.

Language: C++

Severity Score

3.7

Related Resources (19)

Url: http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

Url: https://nvd.nist.gov/vuln/detail/CVE-2012-2751

Url: http://lists.opensuse.org/opensuse-updates/2013-08/msg00025.html

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2012-2751

Url: http://lists.opensuse.org/opensuse-updates/2013-08/msg00020.html

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2012:118

Url: http://www.debian.org/security/2012/dsa-2506

Url: http://lists.opensuse.org/opensuse-updates/2013-08/msg00031.html

Url: http://www.securityfocus.com/bid/54156

Url: http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/branches/2.6.x/CHANGES

Url: http://blog.ivanristic.com/2012/06/modsecurity-and-modsecurity-core-rule-set-multipart-bypasses.html

Url: http://secunia.com/advisories/49782

Url: http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/trunk/apache2/msc_multipart.c?r1=1918&r2=1917&pathrev=1918

Url: http://www.openwall.com/lists/oss-security/2012/06/22/2

Url: http://secunia.com/advisories/49576

Url: http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/trunk/CHANGES?r1=1920&r2=1919&pathrev=1920

Url: http://www.openwall.com/lists/oss-security/2012/06/22/1

Url: https://www.mend.io/vulnerability-database/CVE-2012-2751

Severity Score

3.7

Weakness Type (CWE)

Improper Input Validation

CWE-20

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2012-2751

Good to know:

Date: July 22, 2012

Language: C++

Severity Score

Related Resources (19)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?