ModSecurity < 2.5.9 Multipart Request Header Name DoS
High Nessus Network Monitor Plugin ID 6989
SynopsisThe remote web application firewall may be affected by a denial of service vulnerability
DescriptionAccording to its banner, the version of ModSecurity installed on the remote host is earlier than 2.5.9. It is, therefore, potentially affected by a denial of service vulnerability. An error exists related to multipart form HTTP POST requests with a missing part header name that could allow an attacker to crash the application.
SolutionUpgrade to ModSecurity version 2.5.9 or later.