Vulnerability Solutions

The WatchMouse Periodic Vulnerability Scan checks for the vulnerability below. To see the most recently added vulnerability solutions that are scanned by WatchMouse, go to the Vulnerability Solutions overview

[GLSA-200907-02] ModSecurity: Denial of Service
Category: Gentoo Local Security Checks	Risk factor: Medium	Added: 3 Jul 2009
Synopsis: The remote host is missing the GLSA-200907-02 security update. Description: The remote host is affected by the vulnerability described in GLSA-200907-02 (ModSecurity: Denial of Service) Multiple vulnerabilities were discovered in ModSecurity: Juan Galiana Lara of ISecAuditors discovered a NULL pointer dereference when processing multipart requests without a part header name (CVE-2009-1902). Steve Grubb of Red Hat reported that the "PDF XSS protection" feature does not properly handle HTTP requests to a PDF file that do not use the GET method (CVE-2009-1903). Impact A remote attacker might send requests containing specially crafted multipart data or send certain requests to access a PDF file, possibly resulting in a Denial of Service (crash) of the Apache HTTP daemon. NOTE: The PDF XSS protection is not enabled by default. Workaround There is no known workaround at this time. See also: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1902 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1903 http://www.gentoo.org/security/en/glsa/glsa-200907-02.xml Solution: All ModSecurity users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-apache/mod_security-2.5.9" Risk factor: Medium