CVE-2009-1902

NONE
Published Jun 3, 200917y ago · Modified Jun 16, 20262w ago
Find Similar
Published Jun 3, 2009 17y ago
Last Modified Jun 16, 2026 2w ago

Description

The multipart processor in ModSecurity before 2.5.9 allows remote attackers to cause a denial of service (crash) via a multipart form datapost request with a missing part header name, which triggers a NULL pointer dereference.

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 3

VendorProductVersionRange
trustwavemodsecurity* <2.5.9
fedoraprojectfedora9any
fedoraprojectfedora10any

References 14

  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
    Not Applicable
  • secunia.com http://secunia.com/advisories/34256
    Third Party Advisory
  • secunia.com http://secunia.com/advisories/34311
    Third Party Advisory
  • secunia.com http://secunia.com/advisories/35687
    Third Party Advisory
  • security.gentoo.org http://security.gentoo.org/glsa/glsa-200907-02.xml
    Third Party Advisory
  • sourceforge.net http://sourceforge.net/project/shownotes.php?release_id=667542&group_id=68846
    Third Party Advisory
  • osvdb.org http://www.osvdb.org/52553
    Broken Link
  • securityfocus.com http://www.securityfocus.com/archive/1/501968
    ExploitThird Party AdvisoryVDB Entry
  • securityfocus.com http://www.securityfocus.com/bid/34096
    ExploitThird Party AdvisoryVDB Entry
  • vupen.com http://www.vupen.com/english/advisories/2009/0703
    Third Party Advisory
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/49212
    Third Party AdvisoryVDB Entry
  • exploit-db.com https://www.exploit-db.com/exploits/8241
    ExploitThird Party AdvisoryVDB Entry
  • redhat.com https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00487.html
    Third Party Advisory
  • redhat.com https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00529.html
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.