This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
Multiple vulnerabilities have been discovered and corrected in
ModSecurity before 2.6.6, when used with PHP, does not properly handle
single quotes not at the beginning of a request parameter value in the
Content-Disposition field of a request with a multipart/form-data
Content-Type header, which allows remote attackers to bypass filtering
rules and perform other attacks such as cross-site scripting (XSS)
attacks. NOTE: this vulnerability exists because of an incomplete fix
for CVE-2009-5031 (CVE-2012-2751).
ModSecurity <= 2.6.8 is vulnerable to multipart/invalid part ruleset
bypass; this was fixed in 2.7.0 (released on 2012-10-16).
The updated packages have been patched to correct these issues.
Update the affected apache-mod_security and / or mlogc packages.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : true