Trustwave ModSecurity 2.9.4

CPE Details

Trustwave ModSecurity 2.9.4
trustwave
modsecurity
2.9.4
2021-12-09
18h19 +00:00
2021-12-13
13h14 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:trustwave:modsecurity:2.9.4:*:*:*:*:*:*:*

Informations

Vendor

trustwave

Product

modsecurity

Version

2.9.4

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2022-48279 2023-01-20 00h00 +00:00 In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase.
7.5
Haute
CVE-2023-24021 2023-01-20 00h00 +00:00 Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection.
7.5
Haute
CVE-2021-42717 2021-12-07 20h08 +00:00 ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy one of the limited NGINX worker processes for minutes and consume almost all of the available CPU on the machine. Modsecurity 2 is similarly vulnerable: the affected versions include 2.8.0 through 2.9.4.
7.5
Haute