| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2012-2751 | 4.3 |
ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote a
|
13-02-2023 - 00:25 | 22-07-2012 - 16:55 | |
| CVE-2012-4528 | 5.0 |
The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
|
12-02-2021 - 17:29 | 28-12-2012 - 11:48 | |
| CVE-2013-1915 | 7.5 |
ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference
|
12-02-2021 - 17:27 | 25-04-2013 - 23:55 | |
| CVE-2009-5031 | 4.3 |
ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request
|
12-02-2021 - 17:24 | 22-07-2012 - 16:55 | |
| CVE-2013-2765 | 5.0 |
The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header
|
16-11-2020 - 20:47 | 15-07-2013 - 15:55 |