Описание
ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and worker-process crash for a "Cookie: =abc" header.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| modsecurity | fixed | 3.0.4-1 | package | |
| modsecurity | no-dsa | buster | package |
Примечания
https://github.com/SpiderLabs/ModSecurity/issues/2566
https://github.com/SpiderLabs/ModSecurity/commit/9cac167fafd180902c2aa5dc6141aae874127199
Связанные уязвимости
ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and worker-process crash for a "Cookie: =abc" header.
ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and worker-process crash for a "Cookie: =abc" header.
ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and worker-process crash for a "Cookie: =abc" header.
Уязвимость WAF движка для Apache ModSecurity, связанная с недостатками в обработке исключительных состояний, позволяющая нарушителю вызвать отказ в обслуживании