Description
Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection.
| Release | Status | Note |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | not-affected | 2.9.7-1 |
| esm-apps/bionic | released | 2.9.2-1ubuntu0.1~esm1 |
| esm-apps/focal | released | 2.9.3-1ubuntu0.1 |
| esm-apps/jammy | released | 2.9.5-1ubuntu0.1~esm1 |
| esm-apps/noble | not-affected | 2.9.7-1 |
| esm-apps/xenial | released | 2.9.0-1ubuntu0.1~esm1 |
| esm-infra-legacy/trusty | not-affected | code not present |
| focal | released | 2.9.3-1ubuntu0.1 |
| jammy | needed | |
CVSS3: 7.5 High