Search CVE reports
11 – 13 of 13 results
The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
1 affected package
modsecurity-apache
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| modsecurity-apache | — | — | — | — |
Some fixes available 3 of 5
ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header,...
2 affected packages
libapache-mod-security, modsecurity-apache
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libapache-mod-security | — | — | — | — |
| modsecurity-apache | — | — | — | — |
Some fixes available 1 of 2
ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single...
2 affected packages
libapache-mod-security, modsecurity-apache
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libapache-mod-security | — | — | — | — |
| modsecurity-apache | — | — | — | — |