1
Candidate: CVE-2009-1902
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1902
5
http://sourceforge.net/project/shownotes.php?release_id=667542&group_id=68846
7
The multipart processor in ModSecurity before 2.5.9 allows remote attackers
8
to cause a denial of service (crash) via a multipart form datapost request
9
with a missing part header name, which triggers a NULL pointer dereference.
12
mdeslaur> PoC: http://www.milw0rm.com/exploits/8241
18
Patches_libapache-mod-security:
19
upstream: http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/trunk/apache2/msc_multipart.c?r1=1272&r2=1271&pathrev=1272
20
upstream_libapache-mod-security: released (2.5.9-1)
21
dapper_libapache-mod-security: not-affected (code not present)
22
hardy_libapache-mod-security: DNE
23
intrepid_libapache-mod-security: DNE
24
jaunty_libapache-mod-security: ignored (reached end-of-life)
25
karmic_libapache-mod-security: not-affected (2.5.9-1)
26
lucid_libapache-mod-security: not-affected (2.5.9-1)
27
maverick_libapache-mod-security: not-affected (2.5.9-1)
28
devel_libapache-mod-security: not-affected (2.5.9-1)