
Search CVE reports



1 – 10 of 11 results


CVE-2023-24021

Medium priority

Some fixes available 4 of 5

Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read...

1 affected package

modsecurity-apache

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
modsecurity-apache Fixed Fixed Fixed Fixed

CVE-2022-48279

Medium priority

Some fixes available 5 of 9

In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to...

2 affected packages

modsecurity, modsecurity-apache

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| modsecurity | Not affected | Needs evaluation | Needs evaluation | Not in release | Ignored |
| modsecurity-apache | Not affected | Fixed | Fixed | Fixed | Fixed |

CVE-2021-42717

Medium priority

Some fixes available 3 of 14

ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large...

2 affected packages

modsecurity, modsecurity-apache

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
modsecurity Needs evaluation Needs evaluation Needs evaluation Ignored
modsecurity-apache Not affected Not affected Fixed Fixed Fixed

CVE-2020-15598

Medium priority
Ignored

** DISPUTED ** Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request. NOTE: The discoverer reports "Trustwave has signaled they are disputing our claims." The CVE suggests that there is a security...

2 affected packages

modsecurity, modsecurity-apache

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| modsecurity | Not affected | Not affected | Not affected | Not in release | Not in release |
| modsecurity-apache | Not affected | Not affected | Not affected | Not affected | Not affected |

CVE-2018-13065

Low priority
Ignored

** DISPUTED ** ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. NOTE: a third party has disputed this issue because it may only apply to environments without a Core Rule Set configured.

1 affected package

modsecurity-apache

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| modsecurity-apache | Not affected | Not affected | Not affected | Not affected | Not affected |

CVE-2013-5705

Medium priority
Ignored

apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.

2 affected packages

libapache-mod-security, modsecurity-apache

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libapache-mod-security Not in release
modsecurity-apache Not affected

CVE-2013-2765

Medium priority
Ignored

The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted...

1 affected package

modsecurity-apache

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
modsecurity-apache Not affected

CVE-2013-1915

Medium priority

Some fixes available 11 of 14

ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with...

2 affected packages

libapache-mod-security, modsecurity-apache

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libapache-mod-security Not in release
modsecurity-apache Fixed

CVE-2012-4528

Medium priority
Ignored

The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.

1 affected package

modsecurity-apache

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
modsecurity-apache Not affected

CVE-2012-2751

Medium priority

Some fixes available 3 of 5

ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header,...

2 affected packages

libapache-mod-security, modsecurity-apache

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libapache-mod-security Not in release
modsecurity-apache Not affected