Summary
This host is running ModSecurity and is prone to denial of service vulnerabilities.
Impact
Successful exploitation could allow remote attackers to cause a denial of service.
Solution
Upgrade to version 2.5.9 or later.
http://www.modsecurity.org/download/
Insight
The flaws are due to:
- An error in the PDF XSS protection implementation, which can be exploited to cause a crash via a specially crafted HTTP request.
- A NULL pointer dereference when parsing multipart requests, which can be exploited to cause a crash via multipart content with a missing part header name.
Affected
ModSecurity versions prior to 2.5.9 on Linux.
References
Updated on 2017-03-28
Severity
Classification
CVE: CVE-2009-1902, CVE-2009-1903
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C