CVE-2023-24021

Published: Jan 20, 2023

Modified: Apr 2, 2025

PUBLISHED

Description

Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.7

https://github.com/SpiderLabs/ModSecurity/pull/2857

https://github.com/SpiderLabs/ModSecurity/pull/2857/commits/4324f0ac59f8225aa44bc5034df60dbeccd1d334

[debian-lts-announce] 20230126 [SECURITY] [DLA 3283-1] modsecurity-apache security update

mailing-list

FEDORA-2023-8aa264d5c5

vendor-advisory

FEDORA-2023-09f0496e60

vendor-advisory

FEDORA-2023-bc61f7a145

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-24021

Description

Affected Products

References