{"id":"UBUNTU-CVE-2012-4528","details":"The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.","modified":"2025-07-16T07:31:01.917190Z","published":"2012-12-28T11:48:00Z","withdrawn":"2025-07-18T16:42:47Z","upstream":["CVE-2012-4528"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2012-4528"},{"type":"REPORT","url":"http://www.openwall.com/lists/oss-security/2012/10/18"},{"type":"REPORT","url":"http://mod-security.svn.sourceforge.net/viewvc/mod-security?view=revision&sortby=date&revision=2081"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2012-4528"}],"affected":[{"package":{"name":"modsecurity-apache","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/modsecurity-apache@2.7.7-2?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.7-2"}]}],"versions":["2.7.4-1","2.7.5-1","2.7.7-1","2.7.7-1ubuntu1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"2.7.7-2","binary_name":"libapache2-mod-security2"},{"binary_version":"2.7.7-2","binary_name":"libapache2-modsecurity"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2012/UBUNTU-CVE-2012-4528.json"}}],"schema_version":"1.7.3","severity":[{"type":"Ubuntu","score":"medium"}]}