CVE-2023-24021
published 2023-01-20CVE-2023-24021: Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web…
PriorityP336high7.5CVSS 3.1
AVNACLPRNUINSUCNIHAN
EPSS
0.91%
55.4th percentile
Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | modsecurity-apache | < modsecurity-apache 2.9.7-1 (bookworm) | modsecurity-apache 2.9.7-1 (bookworm) |
| trustwave | modsecurity | < 2.9.7 | 2.9.7 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
osv7.5HIGH
vendor_debian7.5HIGH
vendor_oracle7.5HIGH
vendor_redhat7.5HIGH
vendor_ubuntu7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
modsecurity-apache vulnerabilities
osv·2023-09-14·CVSS 7.5
CVE-2021-42717 [HIGH] modsecurity-apache vulnerabilities
modsecurity-apache vulnerabilities
It was discovered that ModSecurity incorrectly handled certain nested JSON
objects. An attacker could possibly use this issue to cause a denial
of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS
and Ubuntu 20.04 LTS. (CVE-2021-42717)
It was discovered that ModSecurity incorrectly handled certain HTTP
multipart requests. A remote attacker could possibly use this issue
to bypass ModSecurity restrictions. (CVE-2022-48279)
It was discovered that ModSecurity incorrectly handled certain file
uploads. A remote attacker could possibly use this issue to cause a
buffer overflow and a firewall failure. This issue only affected
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2023-24021)
OSV
CVE-2023-24021: Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2
osv·2023-01-20·CVSS 7.5
CVE-2023-24021 [HIGH] CVE-2023-24021: Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2
Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection.
GHSA
GHSA-845r-7x4c-q8qf: In ModSecurity before 2
ghsa_unreviewed·2023-01-20
CVE-2023-24021 [CRITICAL] CWE-170 GHSA-845r-7x4c-q8qf: In ModSecurity before 2
In ModSecurity before 2.9.7, FILES_TMP_CONTENT sometimes lacked the complete content. This can lead to a Web Application Firewall bypass.
Oracle
Oracle Oracle Fusion Middleware Risk Matrix: SSL Module (ModSecurity) — CVE-2023-24021
vendor_oracle·2024-04-15·CVSS 7.5
CVE-2023-24021 [HIGH] Oracle Oracle Fusion Middleware Risk Matrix: SSL Module (ModSecurity) — CVE-2023-24021
Oracle Oracle Fusion Middleware Risk Matrix: SSL Module (ModSecurity) vulnerability
CVE: CVE-2023-24021
CVSS: 7.5
Protocol: TLS
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2024 (APR 2024)
Ubuntu
ModSecurity vulnerabilities
vendor_ubuntu·2023-09-14·CVSS 7.5
CVE-2021-42717 [HIGH] ModSecurity vulnerabilities
Title: ModSecurity vulnerabilities
Summary: Several security issues were fixed in ModSecurity.
It was discovered that ModSecurity incorrectly handled certain nested JSON
objects. An attacker could possibly use this issue to cause a denial
of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS
and Ubuntu 20.04 LTS. (CVE-2021-42717)
It was discovered that ModSecurity incorrectly handled certain HTTP
multipart requests. A remote attacker could possibly use this issue
to bypass ModSecurity restrictions. (CVE-2022-48279)
It was discovered that ModSecurity incorrectly handled certain file
uploads. A remote attacker could possibly use this issue to cause a
buffer overflow and a firewall failure. This issue only affected
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and
Red Hat
modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass
vendor_redhat·2023-01-20·CVSS 7.5
CVE-2023-24021 [HIGH] CWE-402 modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass
modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass
Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection.
A vulnerability was found in ModSecurity. This issue occurs when FILES_TMP_CONTENT lacks complete content, which can lead to a Web Application Firewall bypass.
Statement: Red Hat rates this vulnerability as Moderate impact as a result of how mod_security is configured to be used in Red Hat products. When running with default configurations the affected program will have limited privileges and thus the impact of this flaw will be restricted beyon
Debian
CVE-2023-24021: modsecurity-apache - Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may...
vendor_debian·2023·CVSS 7.5
CVE-2023-24021 [HIGH] CVE-2023-24021: modsecurity-apache - Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may...
Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection.
Scope: local
bookworm: resolved (fixed in 2.9.7-1)
bullseye: resolved (fixed in 2.9.3-3+deb11u2)
forky: resolved (fixed in 2.9.7-1)
sid: resolved (fixed in 2.9.7-1)
trixie: resolved (fixed in 2.9.7-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/SpiderLabs/ModSecurity/pull/2857https://github.com/SpiderLabs/ModSecurity/pull/2857/commits/4324f0ac59f8225aa44bc5034df60dbeccd1d334https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.7https://lists.debian.org/debian-lts-announce/2023/01/msg00023.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/52TGCZCOHYBDCVWJYNN2PS4QLOHCXWTQ/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYRTXTOQQI6SB2TLI5QXU76DURSLS4XI/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WCH6JM4I4MD4YABYFHSBDDOUFDGIFJKL/https://github.com/SpiderLabs/ModSecurity/pull/2857https://github.com/SpiderLabs/ModSecurity/pull/2857/commits/4324f0ac59f8225aa44bc5034df60dbeccd1d334https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.7https://lists.debian.org/debian-lts-announce/2023/01/msg00023.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/52TGCZCOHYBDCVWJYNN2PS4QLOHCXWTQ/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYRTXTOQQI6SB2TLI5QXU76DURSLS4XI/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WCH6JM4I4MD4YABYFHSBDDOUFDGIFJKL/
2023-01-20
Published