Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2023-24021HistoryJan 20, 2023 - 7:15 p.m.
CVE-2023-24021
2023-01-2019:15:18
Debian Security Bug Tracker
security-tracker.debian.org
20
modsecurity
file uploads
web application firewall
buffer over-reads
security vulnerability
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.002 Low
EPSS
Percentile
61.0%
Incorrect handling of ‘\0’ bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | modsecurity-apache | < 2.9.7-1 | modsecurity-apache_2.9.7-1_all.deb |
| Debian | 11 | all | modsecurity-apache | < 2.9.3-3+deb11u2 | modsecurity-apache_2.9.3-3+deb11u2_all.deb |
| Debian | 999 | all | modsecurity-apache | < 2.9.7-1 | modsecurity-apache_2.9.7-1_all.deb |
| Debian | 13 | all | modsecurity-apache | < 2.9.7-1 | modsecurity-apache_2.9.7-1_all.deb |
Related
nessus
nessus
SUSE SLES15 Security Update : apache2-mod_security2 (SUSE-SU-2023:0447-1)
2023-02-18 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : apache2-mod_security2 (SUSE-SU-2023:0431-1)
2023-02-16 00:00:00
RHEL 7 : modsecurity (Unpatched Vulnerability)
2024-05-11 00:00:00
prion
prion
Design/Logic Flaw
2023-01-20 19:15:00
nvd
nvd
CVE-2023-24021
2023-01-20 19:15:18
cve
cve
CVE-2023-24021
2023-01-20 19:15:18
ubuntucve
ubuntucve
CVE-2023-24021
2023-01-20 00:00:00
osv
osv
BIT-modsecurity2-2023-24021
2024-03-06 10:56:51
BIT-modsecurity-2023-24021
2024-03-06 10:56:44
CVE-2023-24021
2023-01-20 19:15:18
f5
f5
K000133041 : ModSecurity vulnerability CVE-2023-24021
2023-03-17 00:00:00
openvas
openvas
openSUSE: Security Advisory for apache2 (SUSE-SU-2023:0431-1)
2024-03-04 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:0431-1)
2023-02-16 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:0447-1)
2023-02-20 00:00:00
redhatcve
redhatcve
CVE-2023-24021
2023-01-24 05:37:02
cvelist
cvelist
CVE-2023-24021
2023-01-20 00:00:00
mageia
mageia
Updated apache-mod_security packages fix security vulnerability
2023-05-21 11:42:44
fedora
fedora
[SECURITY] Fedora 38 Update: mod_security-2.9.7-1.fc38
2023-04-22 00:49:48
[SECURITY] Fedora 36 Update: mod_security-2.9.7-1.fc36
2023-04-22 01:12:59
[SECURITY] Fedora 37 Update: mod_security-2.9.7-1.fc37
2023-04-22 00:56:28
amazon
amazon
Important: mod_security
2023-06-21 19:11:00
debian
debian
[SECURITY] [DLA 3283-1] modsecurity-apache security update
2023-01-26 18:46:06
ubuntu
ubuntu
ModSecurity vulnerabilities
2023-09-14 00:00:00
redhat
redhat
oracle
oracle
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.002 Low
EPSS
Percentile
61.0%
Related for DEBIANCVE:CVE-2023-24021