1. CVE-Search
  2. CVE-2009-1902
ID CVE-2009-1902
Summary The multipart processor in ModSecurity before 2.5.9 allows remote attackers to cause a denial of service (crash) via a multipart form datapost request with a missing part header name, which triggers a NULL pointer dereference.
References
Vulnerable Configurations
  • cpe:2.3:a:trustwave:modsecurity:2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.0:-:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.1.0:-:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.0:rc7:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.1.0:rc7:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.1:-:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.1.1:-:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.1:dev2:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.1.1:dev2:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.1:dev3:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.1.1:dev3:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.1:dev4:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.1.1:dev4:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.1:rc1:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.1.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.1:rc2:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.1.1:rc2:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.2:-:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.1.2:-:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.2:rc1:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.1.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.2:rc2:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.1.2:rc2:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.2:rc3:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.1.2:rc3:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.3:-:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.1.3:-:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.3:rc1:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.1.3:rc1:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.3:rc2:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.1.3:rc2:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.4:-:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.1.4:-:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.4:rc1:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.1.4:rc1:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.4:rc2:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.1.4:rc2:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.4:rc3:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.1.4:rc3:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.4:rc4:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.1.4:rc4:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.2.0:dev1:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.2.0:dev1:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.5.0:-:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.5.0:-:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.5.0:dev2:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.5.0:dev2:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.5.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.5.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.5.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.5.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.5.0:rc3:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.5.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.5.0:rc4:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.5.0:rc4:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.5.1:-:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.5.1:-:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.5.1:rc1:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.5.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.5.6:*:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.5.7:*:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.5.7:-:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.5.7:-:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.5.7:rc1:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.5.7:rc1:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.5.8:*:*:*:*:*:*:*
    cpe:2.3:a:trustwave:modsecurity:2.5.8:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 12-02-2021 - 17:21)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 34096
bugtraq 20090319 [ISecAuditors Security Advisories] ModSecurity < 2.5.9 remote Denial of Service
confirm http://sourceforge.net/project/shownotes.php?release_id=667542&group_id=68846
exploit-db 8241
fedora
  • FEDORA-2009-2654
  • FEDORA-2009-2686
gentoo GLSA-200907-02
osvdb 52553
secunia
  • 34256
  • 34311
  • 35687
suse SUSE-SR:2009:011
vupen ADV-2009-0703
xf modsecurity-multipart-dos(49212)
Last major update 12-02-2021 - 17:21
Published 03-06-2009 - 17:00
Last modified 12-02-2021 - 17:21
Back to Top