ID CVE-2009-1903
Summary The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
References
Vulnerable Configurations
  • cpe:2.3:a:trustwave:modsecurity:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.0:-:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.0:rc7:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.1:-:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.1:dev2:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.1:dev3:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.1:dev4:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.1:rc2:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.2:-:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.2:rc2:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.2:rc3:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.3:-:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.3:rc1:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.3:rc2:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.4:-:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.4:rc1:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.4:rc2:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.4:rc3:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.4:rc4:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.2.0:dev1:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.5.0:-:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.5.0:dev2:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.5.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.5.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.5.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.5.0:rc4:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.5.1:-:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.5.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.5.7:-:*:*:*:*:*:*
  • cpe:2.3:a:trustwave:modsecurity:2.5.7:rc1:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 14-02-2021 - 02:55)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
refmap via4
bid 34096
confirm http://sourceforge.net/project/shownotes.php?release_id=667538
fedora
  • FEDORA-2009-2654
  • FEDORA-2009-2686
gentoo GLSA-200907-02
osvdb 52552
secunia
  • 34256
  • 34311
  • 35687
vupen ADV-2009-0703
xf modsecurity-pdfxss-dos(49211)
Last major update 14-02-2021 - 02:55
Published 03-06-2009 - 17:00
Last modified 14-02-2021 - 02:55