CVE-2009-1903
Published: 3 June 2009
The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
Priority
Status
Package | Release | Status |
---|---|---|
libapache-mod-security Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
(code not present)
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Ignored
(end of life)
|
|
karmic |
Not vulnerable
(2.5.9-1)
|
|
lucid |
Not vulnerable
(2.5.9-1)
|
|
maverick |
Not vulnerable
(2.5.9-1)
|
|
upstream |
Released
(2.5.9-1)
|
|
Patches: upstream: http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/trunk/apache2/pdf_protect.c?r1=1258&r2=1257&pathrev=1258 |