CVE-2009-5031 - Vulnerability Details - OpenCVE

ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Content-Disposition field of a request with a multipart/form-data Content-Type header.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Opensuse	Opensuse
Trustwave	Modsecurity

Configuration 1 [-]

cpe:2.3:a:trustwave:modsecurity:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:opensuse:opensuse:11.4:::::::*
	cpe:2.3:o:opensuse:opensuse:12.2:::::::*
	cpe:2.3:o:opensuse:opensuse:12.3:::::::*

No data.

References

Link	Providers
http://blog.ivanristic.com/2012/06/modsecurity-and-modsecurity-core-rule-set-multipart-bypasses.html
http://lists.opensuse.org/opensuse-updates/2013-08/msg00020.html
http://lists.opensuse.org/opensuse-updates/2013-08/msg00025.html
http://lists.opensuse.org/opensuse-updates/2013-08/msg00031.html
http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/branches/2.6.x/CHANGES
http://secunia.com/advisories/49576
http://www.openwall.com/lists/oss-security/2012/06/22/1
http://www.openwall.com/lists/oss-security/2012/06/22/2
http://www.securityfocus.com/bid/54156
http://www.suspekt.org/downloads/POC2009-ShockingNewsInPHPExploitation.pdf
https://www.modsecurity.org/fisheye/browse/modsecurity/m2/branches/2.5.x/apache2/msc_multipart.c?r2=1419&r1=1366

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-07-22T16:00:00

Updated: 2024-08-07T07:24:53.965Z

Reserved: 2010-12-09T00:00:00

Link: CVE-2009-5031

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2012-07-22T16:55:17.307

Modified: 2025-04-11T00:51:21.963

Link: CVE-2009-5031

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-11-05T00:00:00", "descriptions": [{"lang": "en", "value": "ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Content-Disposition field of a request with a multipart/form-data Content-Type header."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-07-25T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "openSUSE-SU-2013:1342", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00031.html"}, {"name": "54156", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/54156"}, {"name": "openSUSE-SU-2013:1331", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00020.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.suspekt.org/downloads/POC2009-ShockingNewsInPHPExploitation.pdf"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/branches/2.6.x/CHANGES"}, {"tags": ["x_refsource_MISC"], "url": "http://blog.ivanristic.com/2012/06/modsecurity-and-modsecurity-core-rule-set-multipart-bypasses.html"}, {"name": "[oss-security] 20120621 Re: mod_security CVE request", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/06/22/2"}, {"name": "[oss-security] 20120621 mod_security CVE request", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/06/22/1"}, {"name": "49576", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/49576"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.modsecurity.org/fisheye/browse/modsecurity/m2/branches/2.5.x/apache2/msc_multipart.c?r2=1419&r1=1366"}, {"name": "openSUSE-SU-2013:1336", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00025.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2009-5031", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Content-Disposition field of a request with a multipart/form-data Content-Type header."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "openSUSE-SU-2013:1342", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00031.html"}, {"name": "54156", "refsource": "BID", "url": "http://www.securityfocus.com/bid/54156"}, {"name": "openSUSE-SU-2013:1331", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00020.html"}, {"name": "http://www.suspekt.org/downloads/POC2009-ShockingNewsInPHPExploitation.pdf", "refsource": "MISC", "url": "http://www.suspekt.org/downloads/POC2009-ShockingNewsInPHPExploitation.pdf"}, {"name": "http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/branches/2.6.x/CHANGES", "refsource": "CONFIRM", "url": "http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/branches/2.6.x/CHANGES"}, {"name": "http://blog.ivanristic.com/2012/06/modsecurity-and-modsecurity-core-rule-set-multipart-bypasses.html", "refsource": "MISC", "url": "http://blog.ivanristic.com/2012/06/modsecurity-and-modsecurity-core-rule-set-multipart-bypasses.html"}, {"name": "[oss-security] 20120621 Re: mod_security CVE request", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/06/22/2"}, {"name": "[oss-security] 20120621 mod_security CVE request", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/06/22/1"}, {"name": "49576", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49576"}, {"name": "https://www.modsecurity.org/fisheye/browse/modsecurity/m2/branches/2.5.x/apache2/msc_multipart.c?r2=1419&r1=1366", "refsource": "CONFIRM", "url": "https://www.modsecurity.org/fisheye/browse/modsecurity/m2/branches/2.5.x/apache2/msc_multipart.c?r2=1419&r1=1366"}, {"name": "openSUSE-SU-2013:1336", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00025.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T07:24:53.965Z"}, "title": "CVE Program Container", "references": [{"name": "openSUSE-SU-2013:1342", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00031.html"}, {"name": "54156", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/54156"}, {"name": "openSUSE-SU-2013:1331", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00020.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.suspekt.org/downloads/POC2009-ShockingNewsInPHPExploitation.pdf"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/branches/2.6.x/CHANGES"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blog.ivanristic.com/2012/06/modsecurity-and-modsecurity-core-rule-set-multipart-bypasses.html"}, {"name": "[oss-security] 20120621 Re: mod_security CVE request", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/06/22/2"}, {"name": "[oss-security] 20120621 mod_security CVE request", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/06/22/1"}, {"name": "49576", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/49576"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.modsecurity.org/fisheye/browse/modsecurity/m2/branches/2.5.x/apache2/msc_multipart.c?r2=1419&r1=1366"}, {"name": "openSUSE-SU-2013:1336", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00025.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-5031", "datePublished": "2012-07-22T16:00:00", "dateReserved": "2010-12-09T00:00:00", "dateUpdated": "2024-08-07T07:24:53.965Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trustwave:modsecurity:*:*:*:*:*:*:*:*", "matchCriteriaId": "1E2971B0-3590-402D-912D-4D0CD11560F6", "versionEndExcluding": "2.5.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Content-Disposition field of a request with a multipart/form-data Content-Type header."}, {"lang": "es", "value": "ModSecurity v2.5.11 trata los valores de los par\u00e1metros de solicitud que contienen comillas simples como archivos, permite a atacantes remotos eludir las reglas de filtrado y llevar a cabo otros ataques como secuencias de comandos en sitios cruzados (XSS) a trav\u00e9s de una \u00fanica oferta en un par\u00e1metro de la petici\u00f3n en el campo Content-Disposition de una solicitud con un encabezado multipart/form-data Content-Type"}], "id": "CVE-2009-5031", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2012-07-22T16:55:17.307", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://blog.ivanristic.com/2012/06/modsecurity-and-modsecurity-core-rule-set-multipart-bypasses.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00020.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00025.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00031.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/branches/2.6.x/CHANGES"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/49576"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2012/06/22/1"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2012/06/22/2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/54156"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.suspekt.org/downloads/POC2009-ShockingNewsInPHPExploitation.pdf"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "https://www.modsecurity.org/fisheye/browse/modsecurity/m2/branches/2.5.x/apache2/msc_multipart.c?r2=1419&r1=1366"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://blog.ivanristic.com/2012/06/modsecurity-and-modsecurity-core-rule-set-multipart-bypasses.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00025.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00031.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/branches/2.6.x/CHANGES"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/49576"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2012/06/22/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2012/06/22/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/54156"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.suspekt.org/downloads/POC2009-ShockingNewsInPHPExploitation.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://www.modsecurity.org/fisheye/browse/modsecurity/m2/branches/2.5.x/apache2/msc_multipart.c?r2=1419&r1=1366"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}