EulerOS 2.0 SP8 : mod_security (EulerOS-SA-2023-1601)

According to the versions of the modsecurity package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application...

Code injection

In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity C language codebase...