ModSecurity Two Denial of Service Vulnerabilities Date: Thursday, March 12, 2009 @ 17:09:00 CDT Topic: Security SECUNIA ADVISORY ID: SA34256 VERIFY ADVISORY: http://secunia.com/advisories/34256/ DESCRIPTION: Two vulnerabilities have been reported in ModSecurity, which can be exploited by malicious people to cause a DoS (Denial of Service). Successful exploitation requires that PDF XSS protection is enabled (disabled by default). 1) An error in the PDF XSS protection implementation can be exploited to cause a crash via a specially crafted HTTP request.Successful exploitation requires that PDF XSS protection is enabled (disabled by default). 2) An error when parsing multipart requests can be exploited to cause a crash via multipart content with a missing part header name. SOLUTION: Update to version 2.5.9. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Steve Grubb, Red Hat 2) Internet Security Auditors ORIGINAL ADVISORY: http://www.modsecurity.org/ http://sourceforge.net/project/shownotes.php?release_id=667538 http://sourceforge.net/project/shownotes.php?release_id=667542 This article comes from Ravens PHP Scripts https://www.ravenphpscripts.com The URL for this story is: https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3572