CVE-2009-1903

Publication date 3 June 2009

Last updated 24 July 2024


Ubuntu priority

The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.

Status

Package Ubuntu Release Status
libapache-mod-security 10.10 maverick
Not affected
10.04 LTS lucid
Not affected
9.10 karmic
Not affected
9.04 jaunty Ignored end of life
8.10 intrepid Not in release
8.04 LTS hardy Not in release
6.06 LTS dapper
Not affected

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
libapache-mod-security