CVE-2009-1903Modsecurity vulnerability

3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
1.9%
top 16.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Trustwave ModsecurityFedoraproject Fedora
Timeline
PublishedJun 3
Latest updateMay 2

Description

The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

Also affects: Fedora 10, 9

🔴Vulnerability Details

2
GHSA
GHSA-p2cm-r6g3-j83j: The PDF XSS protection feature in ModSecurity before 22022-05-02
CVEList
CVE-2009-1903: The PDF XSS protection feature in ModSecurity before 22009-06-03
CVE-2009-1903 — Trustwave Modsecurity vulnerability | cvebase