CVE-2012-4528

Name: CVE-2012-4528
Creator: NVD / NIST
Published: 2012-12-28T11:48:44.563+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 12.51%

Last modified Jun 16, 2026

CVE-2012-4528 is a vulnerability of currently unknown severity. The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.. EPSS estimates a 12.51% chance of exploitation in the next 30 days.

Description

The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.

Metrics

EPSS Probability

12.51%

95.7th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Trustwave	Modsecurity	< 2.7.0
Opensuse	Opensuse	11.4
Opensuse	Opensuse	12.2
Opensuse	Opensuse	12.3
Fedoraproject	Fedora	18

References

http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093011.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-08/msg00020.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-08/msg00025.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-08/msg00031.htmlMailing List, Third Party Advisory
http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/branches/2.7.x/CHANGESBroken Link
http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/trunk/apache2/msc_multipart.c?sortby=date&r1=2081&r2=2080&pathrev=2081Broken Link
http://mod-security.svn.sourceforge.net/viewvc/mod-security?view=revision&sortby=date&revision=2081Broken Link
http://seclists.org/fulldisclosure/2012/Oct/113Exploit, Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2012/10/18/14Mailing List, Third Party Advisory
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20121017-0_mod_security_ruleset_bypass.txtThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093011.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-08/msg00020.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-08/msg00025.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-08/msg00031.htmlMailing List, Third Party Advisory
http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/branches/2.7.x/CHANGESBroken Link
http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/trunk/apache2/msc_multipart.c?sortby=date&r1=2081&r2=2080&pathrev=2081Broken Link
http://mod-security.svn.sourceforge.net/viewvc/mod-security?view=revision&sortby=date&revision=2081Broken Link
http://seclists.org/fulldisclosure/2012/Oct/113Exploit, Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2012/10/18/14Mailing List, Third Party Advisory
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20121017-0_mod_security_ruleset_bypass.txtThird Party Advisory

Timeline

Published: Dec 28, 2012
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2012-4528?

How severe is CVE-2012-4528?

Severity scoring for CVE-2012-4528 is pending analysis. The EPSS model estimates a 12.51% probability of exploitation in the next 30 days.

How do I fix CVE-2012-4528?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2012-4528?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST