Описание
Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| modsecurity | fixed | 3.0.9-1 | package | |
| modsecurity | not-affected | bullseye | package | |
| modsecurity | not-affected | buster | package |
Примечания
https://www.trustwave.com/en-us/resources/security-resources/software-updates/announcing-modsecurity-version-309/
https://github.com/SpiderLabs/ModSecurity/pull/2886
Introduced by: https://github.com/SpiderLabs/ModSecurity/commit/8df35deadb16b19e4cd936e6370688dccf1e18a4 (v3.0.5)
Fixed by: https://github.com/SpiderLabs/ModSecurity/commit/db84d8cf771d39db578707cd03ec2b60f74c9785 (v3.0.9)
EPSS
Связанные уязвимости
Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations.
Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations.
Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations.
Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations.
EPSS