CVE-2009-1903

NONE
Published Jun 3, 2009 (17y ago) · Last Modified Jun 16, 2026 (2w ago)

Description

The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
No Known Exploit
No Patch Available

Affected Products 3

Vendor          Product       Version   Range
trustwave       modsecurity   *         <2.5.8
fedoraproject   fedora        9         any
fedoraproject   fedora        10        any

References 11

  • secunia.com http://secunia.com/advisories/34256
    Third Party Advisory
  • secunia.com http://secunia.com/advisories/34311
    Third Party Advisory
  • secunia.com http://secunia.com/advisories/35687
    Third Party Advisory
  • security.gentoo.org http://security.gentoo.org/glsa/glsa-200907-02.xml
    Third Party Advisory
  • sourceforge.net http://sourceforge.net/project/shownotes.php?release_id=667538
    Broken Link
  • osvdb.org http://www.osvdb.org/52552
    Broken Link
  • securityfocus.com http://www.securityfocus.com/bid/34096
    Third Party Advisory, VDB Entry
  • vupen.com http://www.vupen.com/english/advisories/2009/0703
    Third Party Advisory
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/49211
    Third Party Advisory, VDB Entry
  • redhat.com https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00487.html
    Third Party Advisory
  • redhat.com https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00529.html
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.