Description
Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity.
A vulnerability was found in Trustwave's ModSecurity project due to an inefficient algorithmic complexity flaw. This issue is present in four transformation actions: removeWhitespace, removeNull, replaceNull, and removeCommentsChar. By sending a maliciously crafted HTTP request, an attacker could trigger worst-case performance, causing a denial of service.
Statement
ModSecurity v2.x is not affected. CVE-2023-38285 only affects ModSecurity v3.x releases. None of our products ship ModSecurity v3.x builds. Therefore, Red Hat Enterprise Linux, Red Hat Software Collections, and Red Hat JBoss Core Services are not affected by this CVE.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | mod_security | Not affected | | |
| Red Hat Enterprise Linux 8 | mod_security | Not affected | | |
| Red Hat Enterprise Linux 9 | mod_security | Not affected | | |
| Red Hat JBoss Core Services | jbcs-httpd24-mod_security | Not affected | | |
| Red Hat JBoss Core Services | mod_security | Not affected | | |
| Red Hat Software Collections | httpd24-mod_security | Not affected | | |
Additional information
Status:
CVSS3: 7.5 High