Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection.
History
07 Nov 2023, 04:08
Type | Values Removed | Values Added |
---|---|---|
References | | |
22 Apr 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
References | |
06 Mar 2023, 19:14
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : unknown v3 : 7.5 |
09 Feb 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection. |
30 Jan 2023, 18:30
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : unknown v3 : 9.8 |
CPE | cpe:2.3:a:trustwave:modsecurity:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* | |
CWE | NVD-CWE-Other | |
First Time | Debian Debian debian Linux Trustwave modsecurity Trustwave | |
References | (MISC) https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.7 - Release Notes, Third Party Advisory | |
References | (MISC) https://github.com/SpiderLabs/ModSecurity/pull/2857/commits/4324f0ac59f8225aa44bc5034df60dbeccd1d334 - Patch, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2023/01/msg00023.html - Mailing List, Third Party Advisory | |
References | (MISC) https://github.com/SpiderLabs/ModSecurity/pull/2857 - Issue Tracking, Patch, Third Party Advisory |
26 Jan 2023, 21:18
Type | Values Removed | Values Added |
---|---|---|
Summary | Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer overflows on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection. | |
References | |
20 Jan 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-20 19:15
Updated : 2023-12-10 14:48
NVD link : CVE-2023-24021
Mitre link : CVE-2023-24021
CVE.ORG link : CVE-2023-24021
Products Affected
debian
- debian_linux
trustwave
- modsecurity
CWE