CVE-2023-24021

Description

Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer overflows on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection.

Related CPE's

a trustwave modsecurity ********

o debian debian_linux 10.0 *******

References

https://github.com/SpiderLabs/ModSecurity/pull/2857/commits/4324f0ac59f8225aa44bc5034df60dbeccd1d334

PatchThird Party Advisory

https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.7

Release NotesThird Party Advisory

https://github.com/SpiderLabs/ModSecurity/pull/2857

Issue TrackingPatchThird Party Advisory

[debian-lts-announce] 20230126 [SECURITY] [DLA 3283-1] modsecurity-apache security update

Mailing ListThird Party Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics

Created by Yello

About Severity.io