CVE-2024-1019
published 2024-01-30
Priority P3 · 49 · high · 8.6 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:C / C:N / I:H / A:N
EPSS
0.68%
47.8th percentile
ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string component. This results in an impedance mismatch versus RFC compliant back-end applications. The vulnerability hides an attack payload in the path component of the URL from WAF rules inspecting it. A back-end may be vulnerable if it uses the path component of request URLs to construct queries. Integrators and users are advised to upgrade to 3.0.12. The ModSecurity v2 release line is not affected by this vulnerability.
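The ordering problem described above can be reproduced in a few lines. This is an added example, not code from ModSecurity or from the advisory: the function names are hypothetical, `decode_then_split` is a simplified model of the order the description attributes to 3.0.0 to 3.0.11, and the request targets are constructed samples.

```python
from urllib.parse import unquote

def split_then_decode(target: str) -> tuple[str, str]:
    """RFC 3986 order: split on the first literal '?', then decode the path.
    The query string is returned raw (undecoded)."""
    raw_path, _, raw_query = target.partition("?")
    return unquote(raw_path), raw_query

def decode_then_split(target: str) -> tuple[str, str]:
    """Order described for the affected releases (simplified model):
    percent-decode the whole target first, then split on the first '?'."""
    path, _, query = unquote(target).partition("?")
    return path, query

def views_disagree(target: str) -> bool:
    """True when the two orders produce different path components, i.e. a
    path-inspecting rule and the back-end would look at different strings."""
    return split_then_decode(target)[0] != decode_then_split(target)[0]

def flag_targets(targets):
    """Return the request targets (e.g. from an access log) worth reviewing."""
    return [t for t in targets if views_disagree(t)]

# Constructed sample request targets, not taken from real traffic.
SAMPLE_TARGETS = [
    "/catalog/item-42?sort=asc",               # plain query string
    "/catalog/item%2D42",                      # harmless encoded '-'
    "/catalog/item-42%3Fnote/extra?sort=asc",  # encoded '?' inside the path
    "/catalog/item-42%3fnote",                 # same, lowercase hex
]

if __name__ == "__main__":
    for t in SAMPLE_TARGETS:
        print(f"{t!r}: back-end path={split_then_decode(t)[0]!r} "
              f"decode-first path={decode_then_split(t)[0]!r} "
              f"flag={views_disagree(t)}")
```

Running `flag_targets` over the request-target field of historical access logs shows which requests would have been seen differently by the WAF and the back-end before the upgrade to 3.0.12.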
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | modsecurity | < modsecurity 3.0.12-1 (forky) | modsecurity 3.0.12-1 (forky) |
| owasp | modsecurity | >= 3.0.0 < 3.0.12 | 3.0.12 |
| owasp_modsecurity | modsecurity | 3.0.0 – 3.0.11 | — |
| trustwave | modsecurity | >= 0 < 3.0.12-1 | 3.0.12-1 |
| trustwave | modsecurity | >= 0 < 3.0.12-1 | 3.0.12-1 |
CVSS provenance
nvd · v3.1 · 8.6 · HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
osv · 8.6 · HIGH
vendor_debian · 8.6 · HIGH
Debian
CVE-2024-1019: modsecurity - ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for pat...
vendor_debian·2024·CVSS 8.6
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 3.0.12-1)
sid: res
GHSA
GHSA-w56r-g989-xqw3: ModSecurity / libModSecurity 3
ghsa_unreviewed·2024-01-30
CVE-2024-1019 [HIGH] CWE-20 GHSA-w56r-g989-xqw3: ModSecurity / libModSecurity 3
OSV
CVE-2024-1019: ModSecurity / libModSecurity 3
osv·2024-01-30·CVSS 8.6
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2023-51043 kernel: use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c
bugzilla·2024-01-24·CVSS 7.0
In the Linux kernel before 6.4.5, drivers/gpu/drm/drm_atomic.c has a use-after-free during a race condition between a nonblocking atomic commit and a driver unload.
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.5
https://github.com/torvalds/linux/commit/4e076c73e4f6e90816b30fcd4a0d7ab365087255
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9.2 Extended Update Support
Via RHSA-2024:1019 https://access.redhat.com/errata/RHSA-2024:1019
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9.2 Extended Update Support
Via RHSA-2024:1018 https://ac
Bugzilla
CVE-2023-51042 kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
bugzilla·2024-01-23·CVSS 7.8
In the Linux kernel before 6.4.12, amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c has a fence use-after-free.
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.12
https://github.com/torvalds/linux/commit/2e54154b9f27262efd0cb4f903cc7d5ad1fe9628
Discussion:
* RHEL9.2 and below are affected.
* RHEL8 affected.
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.6 Extended Update Support
Via RHSA-2024:0930 https://access.redhat.com/errata/RHSA-2024:0930
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9.2 Extended Update Support
Via RHSA-2024:1019 https://access.redhat.com/
https://lists.fedoraproject.org/archives/list/[email protected]/message/34KDQNZE2RS3CWFG5654LNHKXXDPIW5I/
https://lists.fedoraproject.org/archives/list/[email protected]/message/K6ZGABPJK2JPVH2JDFHZ5LQLWGONUH7V/
https://owasp.org/www-project-modsecurity/tab_cves#cve-2024-1019-2024-01-30
2024-01-30
Published