PT-2023-6757 · Apache+4
Coldtobi
Published 2023-01-20 · Updated 2024-03-06
CVE-2023-24021
CVSS v2.0: 9.4 (High)
| Vector | AV:N/AC:L/Au:N/C:C/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
ModSecurity versions prior to 2.9.7
Description
The issue stems from a flaw in the WAF engine of Apache ModSecurity that may allow a remote attacker to bypass existing firewall rules. Specifically, '\0' (NUL) bytes in file uploads are handled incorrectly, which can lead to Web Application Firewall bypasses and buffer over-reads when rules that read the FILES_TMP_CONTENT collection are executed.
Recommendations
For ModSecurity versions prior to 2.9.7, update to version 2.9.7 or later to resolve the issue. As a temporary workaround until the update can be applied, consider restricting file uploads or disabling rules that read the FILES_TMP_CONTENT collection. Restrict access to the Web Application Firewall to minimize the risk of exploitation.
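The failure mode described above, as an added illustration that is not ModSecurity's own code: an engine that reads an uploaded file's content through a NUL-terminated string sees only the bytes before the first '\0', so everything after it escapes inspection. The script parses a small multipart/form-data body (constructed inline, with a made-up boundary and filename) and reports, per file part, how much content a NUL-terminated read would miss; the same check can be used in front of a pre-2.9.7 engine to flag uploads whose file parts contain NUL bytes.

```python
import re

# Constructed sample request body; boundary and filename are made up.
BOUNDARY = b"----demo-boundary"
SAMPLE_BODY = (
    b"------demo-boundary\r\n"
    b'Content-Disposition: form-data; name="note"\r\n\r\n'
    b"plain field\r\n"
    b"------demo-boundary\r\n"
    b'Content-Disposition: form-data; name="upload"; filename="a.txt"\r\n'
    b"Content-Type: text/plain\r\n\r\n"
    b"visible prefix\x00hidden tail that a NUL-terminated read never sees\r\n"
    b"------demo-boundary--\r\n"
)


def parse_multipart(body: bytes, boundary: bytes):
    """Return (name, filename, content) tuples for each part of the body."""
    parts = []
    for chunk in body.split(b"--" + boundary)[1:]:
        if chunk.startswith(b"--"):           # closing delimiter reached
            break
        head, _, content = chunk.lstrip(b"\r\n").partition(b"\r\n\r\n")
        headers = head.decode("latin-1")
        name = re.search(r'(?<!file)name="([^"]*)"', headers)
        fname = re.search(r'filename="([^"]*)"', headers)
        if content.endswith(b"\r\n"):         # strip the CRLF before the next boundary
            content = content[:-2]
        parts.append((name.group(1) if name else None,
                      fname.group(1) if fname else None,
                      content))
    return parts


def nul_truncation_report(body: bytes, boundary: bytes):
    """For each file part: (filename, full_len, len_seen_by_nul_terminated_read, has_nul).

    A mismatch between full_len and the length seen means a rule reading the
    content as a C string would never inspect the trailing bytes.
    """
    report = []
    for _, fname, content in parse_multipart(body, boundary):
        if fname is None:
            continue                          # ordinary form field, not an upload
        seen = content.split(b"\x00", 1)[0]   # what a NUL-terminated read yields
        report.append((fname, len(content), len(seen), b"\x00" in content))
    return report
```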
Related identifiers
Affected products
Apache
Linuxmint
Modsecurity
Suse
Ubuntu