PT-2023-22029 · Trustwave · Modsecurity

Airween

Publicado

2023-04-28

Atualizado

2025-07-03

CVE-2023-28882

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Trustwave ModSecurity versions 3.0.5 through 3.0.8

Description The issue allows a denial of service, causing worker crash and unresponsiveness. This occurs because some inputs cause a segfault in the Transaction class for certain configurations.

Recommendations For Trustwave ModSecurity versions 3.0.5 through 3.0.8, update to version 3.0.9 to resolve the issue.

Correção

DoS

Allocation of Resources Without Limits

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-770CWE-400

Identificadores relacionados

ALT-PU-2023-6640

BIT-MODSECURITY-2023-28882

BIT-MODSECURITY2-2023-28882

CVE-2023-28882

OPENSUSE-SU-2023:0257-1

OPENSUSE-SU-2023:0269-1

OPENSUSE-SU-2024:12937-1

Produtos afetados

Modsecurity

PT-2023-22029 · Trustwave · Modsecurity

CVE-2023-28882

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 27