Search CVE reports
1 – 10 of 11 results
CVE-2023-24021
Medium prioritySome fixes available 4 of 5
Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read...
1 affected packages
modsecurity-apache
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
modsecurity-apache | — | Fixed | Fixed | Fixed | Fixed |
CVE-2022-48279
Medium prioritySome fixes available 5 of 9
In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to...
2 affected packages
modsecurity, modsecurity-apache
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
modsecurity | Not affected | Needs evaluation | Needs evaluation | Not in release | Ignored |
modsecurity-apache | Not affected | Fixed | Fixed | Fixed | Fixed |
CVE-2021-42717
Medium prioritySome fixes available 3 of 14
ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large...
2 affected packages
modsecurity, modsecurity-apache
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
modsecurity | Needs evaluation | Needs evaluation | Needs evaluation | — | Ignored |
modsecurity-apache | Not affected | Not affected | Fixed | Fixed | Fixed |
CVE-2020-15598
Medium priority** DISPUTED ** Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request. NOTE: The discoverer reports "Trustwave has signaled they are disputing our claims." The CVE suggests that there is a security...
2 affected packages
modsecurity, modsecurity-apache
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
modsecurity | Not affected | Not affected | Not affected | Not in release | Not in release |
modsecurity-apache | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2018-13065
Low priority** DISPUTED ** ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. NOTE: a third party has disputed this issue because it may only apply to environments without a Core Rule Set configured.
1 affected packages
modsecurity-apache
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
modsecurity-apache | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2013-5705
Medium priorityapache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.
2 affected packages
libapache-mod-security, modsecurity-apache
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libapache-mod-security | — | — | — | — | Not in release |
modsecurity-apache | — | — | — | — | Not affected |
CVE-2013-2765
Medium priorityThe ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted...
1 affected packages
modsecurity-apache
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
modsecurity-apache | — | — | — | — | Not affected |
CVE-2013-1915
Medium prioritySome fixes available 11 of 14
ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with...
2 affected packages
libapache-mod-security, modsecurity-apache
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libapache-mod-security | — | — | — | — | Not in release |
modsecurity-apache | — | — | — | — | Fixed |
CVE-2012-4528
Medium priorityThe mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
1 affected packages
modsecurity-apache
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
modsecurity-apache | — | — | — | — | Not affected |
CVE-2012-2751
Medium prioritySome fixes available 3 of 5
ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header,...
2 affected packages
libapache-mod-security, modsecurity-apache
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libapache-mod-security | — | — | — | — | Not in release |
modsecurity-apache | — | — | — | — | Not affected |