cbcvebase.
CVE-2012-4528
published 2012-12-28

Priority: P3, 42, medium
CVSS 2.0: 5 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
EXPLOIT
EPSS: 12.51% (95.7th percentile)
The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.

Affected

6 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | modsecurity-apache | < modsecurity-apache 2.6.6-5 (bookworm) | modsecurity-apache 2.6.6-5 (bookworm) |
| fedoraproject | fedora | | |
| opensuse | opensuse | | |
| opensuse | opensuse | | |
| opensuse | opensuse | | |
| trustwave | modsecurity | < 2.7.0 | 2.7.0 |

CVSS provenance

nvd: v2.0, 5.0 MEDIUM, AV:N/AC:L/Au:N/C:N/I:P/A:N
osv: 5.0 MEDIUM
vendor_debian: 5.0 MEDIUM