icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

ModSecurity < 2.5.9 Multipart Request Header Name DoS

High

Synopsis

The remote web application firewall may be affected by a denial of service vulnerability

Description

According to its banner, the version of ModSecurity installed on the remote host is earlier than 2.5.9. It is, therefore, potentially affected by a denial of service vulnerability. An error exists related to multipart form HTTP POST requests with a missing part header name that could allow an attacker to crash the application.

Solution

Upgrade to ModSecurity version 2.5.9 or later.