DSA-2506-1 libapache-mod-security -- modsecurity bypassID: oval:org.secpod.oval:def:600844 | Date: (C)2012-07-05 (M)2023-02-20 |
Class: PATCH | Family: unix |
Qualys Vulnerability & Malware Research Labs discovered a vulnerability in ModSecurity, a security module for the Apache webserver. In situations where both "Content:Disposition: attachment" and "Content-Type: multipart" were present in HTTP headers, the vulernability could allow an attacker to bypass policy and execute cross-site script attacks through properly crafted HTML documents.
Product: |
libapache-mod-security |