Trustwave ModSecurity 2.9.0 Release Candidate 1

CPE Details

Trustwave ModSecurity 2.9.0 Release Candidate 1
trustwave
modsecurity
2.9.0
2021-02-10
14h34 +00:00
2021-02-10
14h34 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:trustwave:modsecurity:2.9.0:rc1:*:*:*:*:*:*

Informations

Vendor

trustwave

Product

modsecurity

Version

2.9.0

Update

rc1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-48279 2023-01-20 00h00 +00:00 In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase.
7.5
High
CVE-2023-24021 2023-01-20 00h00 +00:00 Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection.
7.5
High
CVE-2021-42717 2021-12-07 20h08 +00:00 ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy one of the limited NGINX worker processes for minutes and consume almost all of the available CPU on the machine. Modsecurity 2 is similarly vulnerable: the affected versions include 2.8.0 through 2.9.4.
7.5
High