Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-4528 — Modsecurity vulnerability

7 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

11.5%

top 6.38%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Trustwave Modsecurity Fedoraproject Fedora Opensuse

Timeline

PublishedDec 28

Latest updateMay 13

Description

The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDtrustwave/modsecurity< 2.7.0

▶NVDopensuse/opensuse11.4, 12.2, 12.3+2

Also affects: Fedora 18

🔴Vulnerability Details

GHSA

GHSA-v835-w774-qhww: The mod_security2 module before 2↗2022-05-13

▶

CVEList

CVE-2012-4528: The mod_security2 module before 2↗2012-12-28

▶

OSV

CVE-2012-4528: The mod_security2 module before 2↗2012-12-28

▶

💥Exploits & PoCs

Exploit-DB

ModSecurity - 'POST' Security Bypass↗2012-10-17

▶

📋Vendor Advisories

Debian

CVE-2012-4528: modsecurity-apache - The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote a...↗2012

▶

💬Community

Bugzilla

CVE-2012-4528 mod_security: multipart/invalid part ruleset bypass↗2012-10-17

▶