CVE-2009-1903

Published: 3 June 2009

The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.

Priority

Status

Package	Release	Status
libapache-mod-security Launchpad, Ubuntu, Debian	dapper	Not vulnerable (code not present)
	hardy	Does not exist
	intrepid	Does not exist
	jaunty	Ignored (end of life)
	karmic	Not vulnerable (2.5.9-1)
	lucid	Not vulnerable (2.5.9-1)
	maverick	Not vulnerable (2.5.9-1)
	upstream	Released (2.5.9-1)
	Patches: upstream: http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/trunk/apache2/pdf_protect.c?r1=1258&r2=1257&pathrev=1258

References

https://www.cve.org/CVERecord?id=CVE-2009-1903
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.