Coldtobi

**Name of the Vulnerable Software and Affected Versions** ModSecurity versions prior to 2.9.7 **Description** The issue is related to errors in security settings of the WAF engine for Apache ModSecurity. It may allow a remote attacker to bypass existing firewall rules. The problem also involves incorrect handling of '0' bytes in file uploads, which can lead to Web Application Firewall bypasses and buffer over-reads when executing specific rules that read the FILES TMP CONTENT collection. **Recommendations** For ModSecurity versions prior to 2.9.7, update to version 2.9.7 or later to resolve the issue. As a temporary workaround, consider restricting file uploads or disabling rules that read the FILES TMP CONTENT collection until a patch is available. Restrict access to the Web Application Firewall to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ModSecurity versions prior to 2.9.6 ModSecurity versions 3.x prior to 3.0.8 **Description** The issue is related to the incorrect parsing of HTTP multipart requests, which could allow an attacker to bypass the Web Application Firewall. This is due to a flaw in the analysis of HTTP requests. **Recommendations** For ModSecurity versions prior to 2.9.6, update to version 2.9.6 or later. For ModSecurity versions 3.x prior to 3.0.8, update to version 3.0.8 or later.