#VU43224 Permissions, Privileges, and Access Controls in ModSecurity - CVE-2012-4528

Cybersecurity Help s.r.o.

Published: 2012-12-28 | Updated: 2020-08-11

Vulnerability identifier: #VU43224

Vulnerability risk: Medium

CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2012-4528

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
ModSecurity
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: Trustwave

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.

Mitigation
Install update from vendor's website.

Vulnerable software versions

ModSecurity: 2.0.0 - 2.0.4, 2.1.0 - 2.1.6, 2.5.0 - 2.5.13, 2.6.0 - 2.6.8

External links
https://lists.fedoraproject.org/pipermail/package-announce/2012-November/093011.html
https://lists.opensuse.org/opensuse-updates/2013-08/msg00020.html
https://lists.opensuse.org/opensuse-updates/2013-08/msg00025.html
https://lists.opensuse.org/opensuse-updates/2013-08/msg00031.html
https://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/branches/2.7.x/CHANGES
https://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/trunk/apache2/msc_multipart.c?sortby=date&r1=2081&r2=2080&pathrev=2081
https://mod-security.svn.sourceforge.net/viewvc/mod-security?view=revision&sortby=date&revision=2081
https://seclists.org/fulldisclosure/2012/Oct/113
https://www.openwall.com/lists/oss-security/2012/10/18/14
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20121017-0_mod_security_ruleset_bypass.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Permissions, Privileges, and Access Controls in Trustwave ModSecurity