CVE-2009-5031
published 2012-07-22


Priority: P4 / 20 / medium
CVSS 2.0: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
EPSS: 2.93% (85.3th percentile)

ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Content-Disposition field of a request with a multipart/form-data Content-Type header.

Affected

10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | | |
| debian | debian_linux | | |
| debian | modsecurity-apache | < modsecurity-apache 2.6.6-1 (bookworm) | modsecurity-apache 2.6.6-1 (bookworm) |
| debian | modsecurity-apache | | |
| opensuse | opensuse | | |
| opensuse | opensuse | | |
| opensuse | opensuse | | |
| oracle | http_server | | |
| trustwave | modsecurity | < 2.6.6 | 2.6.6 |
| trustwave | modsecurity | < 2.5.11 | 2.5.11 |

CVSS provenance

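| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | | 4.3 | MEDIUM | |
| vendor_debian | | 4.3 | LOW | |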