CVE-2024-1019 – WAF bypass of the ModSecurity v3 release line
https://notcve.org/view.php?id=CVE-2024-1019
ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string component. This results in an impedance mismatch versus RFC compliant back-end applications. The vulnerability hides an attack payload in the path component of the URL from WAF rules inspecting it. A back-end may be vulnerable if it uses the path component of request URLs to construct queries. • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34KDQNZE2RS3CWFG5654LNHKXXDPIW5I https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K6ZGABPJK2JPVH2JDFHZ5LQLWGONUH7V https://owasp.org/www-project-modsecurity/tab_cves#cve-2024-1019-2024-01-30 • CWE-20: Improper Input Validation •
CVE-2023-38285
https://notcve.org/view.php?id=CVE-2023-38285
Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity. • https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-v3-dos-vulnerability-in-four-transformations-cve-2023-38285 https://www.trustwave.com/en-us/resources/security-resources/software-updates/end-of-sale-and-trustwave-support-for-modsecurity-web-application-firewall • CWE-407: Inefficient Algorithmic Complexity •
CVE-2023-28882
https://notcve.org/view.php?id=CVE-2023-28882
Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations. • https://www.trustwave.com/en-us/resources/security-resources/software-updates/announcing-modsecurity-version-309 • CWE-400: Uncontrolled Resource Consumption •
CVE-2022-48279 – mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass
https://notcve.org/view.php?id=CVE-2022-48279
In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase. A vulnerability was found in ModSecurity. • https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves https://github.com/SpiderLabs/ModSecurity/pull/2795 https://github.com/SpiderLabs/ModSecurity/pull/2797 https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.6 https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.8 https://lists.debian.org/debian-lts-announce/2023/01/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/52TGCZCOHYBDCVWJYNN2PS4QLOHCXWTQ • CWE-436: Interpretation Conflict CWE-1389: Incorrect Parsing of Numbers with Different Radices •
CVE-2023-24021 – modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass
https://notcve.org/view.php?id=CVE-2023-24021
Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection. A vulnerability was found in ModSecurity. This issue occurs when FILES_TMP_CONTENT lacks complete content, which can lead to a Web Application Firewall bypass. • https://github.com/SpiderLabs/ModSecurity/pull/2857 https://github.com/SpiderLabs/ModSecurity/pull/2857/commits/4324f0ac59f8225aa44bc5034df60dbeccd1d334 https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.7 https://lists.debian.org/debian-lts-announce/2023/01/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/52TGCZCOHYBDCVWJYNN2PS4QLOHCXWTQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYRTXTOQQI6SB2TLI5QXU76DURSLS4XI https:/& • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •