Candidate: CVE-2009-1902
PublicDate: 2009-06-03 17:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1902
 http://sourceforge.net/project/shownotes.php?release_id=667542&group_id=68846
Description:
 The multipart processor in ModSecurity before 2.5.9 allows remote attackers
 to cause a denial of service (crash) via a multipart form datapost request
 with a missing part header name, which triggers a NULL pointer dereference.
Ubuntu-Description:
Notes:
 mdeslaur> PoC: http://www.milw0rm.com/exploits/8241
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_libapache-mod-security:
 upstream: http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/trunk/apache2/msc_multipart.c?r1=1272&r2=1271&pathrev=1272
upstream_libapache-mod-security: released (2.5.9-1)
dapper_libapache-mod-security: not-affected (code not present)
hardy_libapache-mod-security: DNE
intrepid_libapache-mod-security: DNE
jaunty_libapache-mod-security: ignored (reached end-of-life)
karmic_libapache-mod-security: not-affected (2.5.9-1)
lucid_libapache-mod-security: not-affected (2.5.9-1)
maverick_libapache-mod-security: not-affected (2.5.9-1)
devel_libapache-mod-security: not-affected (2.5.9-1)