Modsecurity Security Vulnerabilities - 2023


CVE-2022-48279

In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase.

7.5 CVSS

8.4 AI Score

0.005 EPSS

2023-01-20 07:15 PM

CVE-2023-24021

Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection.

7.5 CVSS

7.5 AI Score

0.002 EPSS

2023-01-20 07:15 PM

CVE-2023-28882

Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations.

7.5 CVSS

7.2 AI Score

0.001 EPSS

2023-04-28 04:15 AM

CVE-2023-38285

Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity.

7.5 CVSS

7.3 AI Score

0.001 EPSS

2023-07-26 09:15 PM