PT-2023-6757

Author: Coldtobi
Published: 2023-01-20
Updated: 2024-03-06

CVE-2023-24021
CVSS v2.0: 9.4 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:C
Name of the Vulnerable Software and Affected Versions: ModSecurity versions prior to 2.9.7

Description: The issue stems from flaws in the WAF engine of Apache ModSecurity that may allow a remote attacker to bypass existing firewall rules. Specifically, ModSecurity mishandles NUL ('\0') bytes in uploaded files, which can lead to Web Application Firewall bypasses and buffer over-reads when rules that read the FILES_TMP_CONTENT collection are executed.

Recommendations: For ModSecurity versions prior to 2.9.7, update to version 2.9.7 or later to resolve the issue. If updating is not immediately possible, consider restricting file uploads or disabling rules that read the FILES_TMP_CONTENT collection as a temporary workaround. Restrict access to the Web Application Firewall to minimize the risk of exploitation.

Related Identifiers

AZL-43843
AZL-44475
BDU:2023-07547
BIT-MODSECURITY-2023-24021
BIT-MODSECURITY2-2023-24021
CVE-2023-24021
DLA-3283-1
MGASA-2023-0175
OPENSUSE-SU-2023_0431-1
RHSA-2023:4629
SUSE-SU-2023:0431-1
SUSE-SU-2023:0447-1
SUSE-SU-2023_0431-1
SUSE-SU-2023_0447-1
USN-6370-1

Affected Products

Apache
Linuxmint
Modsecurity
Suse
Ubuntu