Lucene search

[email protected]CVE-2023-28882

HistoryApr 28, 2023 - 4:15 a.m.

CVE-2023-28882

2023-04-2804:15:38

CWE-400

[email protected]

web.nvd.nist.gov

134

trustwave

modsecurity

cve-2023-28882

denial of service

dos

worker crash

unresponsiveness

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.1%

JSON

Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations.

Affected configurations

NVD

Node

trustwavemodsecurityRange3.0.5–3.0.9

CPENameOperatorVersion
trustwave:modsecuritytrustwave modsecuritylt3.0.9

CPE	Name	Operator	Version
trustwave:modsecurity	trustwave modsecurity	lt	3.0.9

References

www.trustwave.com/en-us/resources/security-resources/software-updates/announcing-modsecurity-version-309/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.1%

JSON

Related for CVE-2023-28882

prion1 redhatcve1 osv3 debiancve1 wolfi1 ubuntucve1 cgr1 nvd1 cvelist1 openvas2 nessus2