Permissions, Privileges, and Access Controls in Trustwave ModSecurity



Published: 2012-12-28 | Updated: 2020-08-11
Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2012-4528
CWE-ID CWE-264
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
Subscribe 		ModSecurity
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor Trustwave

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU43224

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2012-4528

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

ModSecurity: 2.0.0 - 2.6.8

External links

http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093011.html
http://lists.opensuse.org/opensuse-updates/2013-08/msg00020.html
http://lists.opensuse.org/opensuse-updates/2013-08/msg00025.html
http://lists.opensuse.org/opensuse-updates/2013-08/msg00031.html
http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/branches/2.7.x/CHANGES
http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/trunk/apache2/msc_multipart.c?sortby=date&r1=2081&r2=2080&pathrev=2081
http://mod-security.svn.sourceforge.net/viewvc/mod-security?view=revision&sortby=date&revision=2081
http://seclists.org/fulldisclosure/2012/Oct/113
http://www.openwall.com/lists/oss-security/2012/10/18/14
http://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20121017-0_mod_security_ruleset_bypass.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###