CVE-2009-1903
NONE
Published Jun 3, 2009 17y ago
Last Modified Jun 16, 2026 2w ago
Description
The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
Threat Intelligence
No active exploitation signals — not in CISA KEV and no EPSS score yet.
Exploit & Patch Status
No Known Exploit
No Patch Available
Affected Products 3
| Vendor | Product | Version | Range |
|---|---|---|---|
| trustwave | modsecurity | * | <2.5.8 |
| fedoraproject | fedora | 9 | any |
| fedoraproject | fedora | 10 | any |
References 11
- secunia.com http://secunia.com/advisories/34256
- secunia.com http://secunia.com/advisories/34311
- secunia.com http://secunia.com/advisories/35687
- security.gentoo.org http://security.gentoo.org/glsa/glsa-200907-02.xml
- sourceforge.net http://sourceforge.net/project/shownotes.php?release_id=667538
- osvdb.org http://www.osvdb.org/52552
- securityfocus.com http://www.securityfocus.com/bid/34096
- vupen.com http://www.vupen.com/english/advisories/2009/0703
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/49211
- redhat.com https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00487.html
- redhat.com https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00529.html
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.