CVE-2009-1902
NONE
Published Jun 3, 2009 (17y ago) · Modified Jun 16, 2026 (2w ago)
Description
The multipart processor in ModSecurity before 2.5.9 allows remote attackers to cause a denial of service (crash) via a multipart form data POST request with a missing part header name, which triggers a NULL pointer dereference.
Threat Intelligence
No active exploitation signals — not in CISA KEV and no EPSS score yet.
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-476 NULL Pointer Dereference Memory Safety
Affected Products 3
| Vendor | Product | Version | Range |
|---|---|---|---|
| trustwave | modsecurity | * | <2.5.9 |
| fedoraproject | fedora | 9 | any |
| fedoraproject | fedora | 10 | any |
References 14
- lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
- secunia.com http://secunia.com/advisories/34256
- secunia.com http://secunia.com/advisories/34311
- secunia.com http://secunia.com/advisories/35687
- security.gentoo.org http://security.gentoo.org/glsa/glsa-200907-02.xml
- sourceforge.net http://sourceforge.net/project/shownotes.php?release_id=667542&group_id=68846
- osvdb.org http://www.osvdb.org/52553
- securityfocus.com http://www.securityfocus.com/archive/1/501968
- securityfocus.com http://www.securityfocus.com/bid/34096
- vupen.com http://www.vupen.com/english/advisories/2009/0703
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/49212
- exploit-db.com https://www.exploit-db.com/exploits/8241
- redhat.com https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00487.html
- redhat.com https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00529.html
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.