CVE-2012-4528 - OpenCVE

The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fedoraproject	Fedora
Opensuse	Opensuse
Trustwave	Modsecurity

Configuration 1 [-]

cpe:2.3:a:trustwave:modsecurity:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:opensuse:opensuse:11.4:::::::*
	cpe:2.3:o:opensuse:opensuse:12.2:::::::*
	cpe:2.3:o:opensuse:opensuse:12.3:::::::*

Configuration 3 [-]

cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093011.html
http://lists.opensuse.org/opensuse-updates/2013-08/msg00020.html
http://lists.opensuse.org/opensuse-updates/2013-08/msg00025.html
http://lists.opensuse.org/opensuse-updates/2013-08/msg00031.html
http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/branches/2.7.x/CHANGES
http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/trunk/apache2/msc_multipart.c?sortby=date&r1=2081&r2=2080&pathrev=2081
http://mod-security.svn.sourceforge.net/viewvc/mod-security?view=revision&sortby=date&revision=2081
http://seclists.org/fulldisclosure/2012/Oct/113
http://www.openwall.com/lists/oss-security/2012/10/18/14
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20121017-0_mod_security_ruleset_bypass.txt

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-12-28T11:00:00

Updated: 2024-08-06T20:42:54.963Z

Reserved: 2012-08-21T00:00:00

Link: CVE-2012-4528

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2012-12-28T11:48:44.563

Modified: 2021-02-12T17:29:16.193

Link: CVE-2012-4528

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-10-15T00:00:00", "descriptions": [{"lang": "en", "value": "The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-11-23T18:10:04", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "openSUSE-SU-2013:1342", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00031.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20121017-0_mod_security_ruleset_bypass.txt"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://mod-security.svn.sourceforge.net/viewvc/mod-security?view=revision&sortby=date&revision=2081"}, {"name": "openSUSE-SU-2013:1331", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00020.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/branches/2.7.x/CHANGES"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/trunk/apache2/msc_multipart.c?sortby=date&r1=2081&r2=2080&pathrev=2081"}, {"name": "20121017 SEC Consult SA-20121017-0 :: ModSecurity multipart/invalid part ruleset bypass", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2012/Oct/113"}, {"name": "FEDORA-2012-18278", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093011.html"}, {"name": "[oss-security] 20121018 Re: CVE request: Fwd: [Full-disclosure] SEC Consult SA-20121017-0 :: ModSecurity multipart/invalid part ruleset bypass", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/10/18/14"}, {"name": "openSUSE-SU-2013:1336", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00025.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:42:54.963Z"}, "title": "CVE Program Container", "references": [{"name": "openSUSE-SU-2013:1342", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00031.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20121017-0_mod_security_ruleset_bypass.txt"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://mod-security.svn.sourceforge.net/viewvc/mod-security?view=revision&sortby=date&revision=2081"}, {"name": "openSUSE-SU-2013:1331", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00020.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/branches/2.7.x/CHANGES"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/trunk/apache2/msc_multipart.c?sortby=date&r1=2081&r2=2080&pathrev=2081"}, {"name": "20121017 SEC Consult SA-20121017-0 :: ModSecurity multipart/invalid part ruleset bypass", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2012/Oct/113"}, {"name": "FEDORA-2012-18278", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093011.html"}, {"name": "[oss-security] 20121018 Re: CVE request: Fwd: [Full-disclosure] SEC Consult SA-20121017-0 :: ModSecurity multipart/invalid part ruleset bypass", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/10/18/14"}, {"name": "openSUSE-SU-2013:1336", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00025.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-4528", "datePublished": "2012-12-28T11:00:00", "dateReserved": "2012-08-21T00:00:00", "dateUpdated": "2024-08-06T20:42:54.963Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trustwave:modsecurity:*:*:*:*:*:*:*:*", "matchCriteriaId": "0777031B-7797-4B3A-BB91-DB2603619A6A", "versionEndExcluding": "2.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*", "matchCriteriaId": "E14271AE-1309-48F3-B9C6-D7DEEC488279", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data."}, {"lang": "es", "value": "El m\u00f3dulo mod_security2 antes de v2.7.0 para el Servidor HTTP Apache permite a atacantes remotos evitar las reglas y entregar datos POST de su elecci\u00f3n a una aplicaci\u00f3n PHP, a trav\u00e9s de una solicitud multipart en la que una parte no v\u00e1lida precede a los datos elaborados.\r\n"}], "id": "CVE-2012-4528", "lastModified": "2021-02-12T17:29:16.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-12-28T11:48:44.563", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093011.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00020.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00025.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00031.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/branches/2.7.x/CHANGES"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/trunk/apache2/msc_multipart.c?sortby=date&r1=2081&r2=2080&pathrev=2081"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://mod-security.svn.sourceforge.net/viewvc/mod-security?view=revision&sortby=date&revision=2081"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2012/Oct/113"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2012/10/18/14"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20121017-0_mod_security_ruleset_bypass.txt"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}