Unrated severityNVD Advisory· Published Jun 3, 2009· Updated Apr 23, 2026

CVE-2009-1903

Description

The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.

Affected products

Trustwave/Modsecurity
cpe:2.3:a:trustwave:modsecurity:*:*:*:*:*:*:*:*
Range: <2.5.8
Fedoraproject/Fedora2 versions
cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/34256nvdThird Party Advisory
secunia.com/advisories/34311nvdThird Party Advisory
secunia.com/advisories/35687nvdThird Party Advisory
security.gentoo.org/glsa/glsa-200907-02.xmlnvdThird Party Advisory
www.securityfocus.com/bid/34096nvdThird Party AdvisoryVDB Entry
www.vupen.com/english/advisories/2009/0703nvdThird Party Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/49211nvdThird Party AdvisoryVDB Entry
www.redhat.com/archives/fedora-package-announce/2009-March/msg00487.htmlnvdThird Party Advisory
www.redhat.com/archives/fedora-package-announce/2009-March/msg00529.htmlnvdThird Party Advisory
sourceforge.net/project/shownotes.phpnvdBroken Link
www.osvdb.org/52552nvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000