{ "schema_version": "1.4.0", "id": "GHSA-rcvp-p5h6-67hw", "modified": "2022-05-02T04:00:44Z", "published": "2022-05-02T04:00:44Z", "aliases": [ "CVE-2009-5031" ], "details": "ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Content-Disposition field of a request with a multipart/form-data Content-Type header.", "severity": [], "affected": [], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-5031" }, { "type": "WEB", "url": "https://www.modsecurity.org/fisheye/browse/modsecurity/m2/branches/2.5.x/apache2/msc_multipart.c?r2=1419&r1=1366" }, { "type": "WEB", "url": "http://blog.ivanristic.com/2012/06/modsecurity-and-modsecurity-core-rule-set-multipart-bypasses.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00020.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00025.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00031.html" }, { "type": "WEB", "url": "http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/branches/2.6.x/CHANGES" }, { "type": "WEB", "url": "http://secunia.com/advisories/49576" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2012/06/22/1" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2012/06/22/2" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/54156" }, { "type": "WEB", "url": "http://www.suspekt.org/downloads/POC2009-ShockingNewsInPHPExploitation.pdf" } ], "database_specific": { "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2012-07-22T16:55:00Z" } }