SB2023091438 - Ubuntu update for modsecurity-apache

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023091438

SB2023091438 - Ubuntu update for modsecurity-apache

Published: September 14, 2023

Security Bulletin ID SB2023091438
Severity
High
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 33% Medium 67%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Uncontrolled Recursion (CVE-ID: CVE-2021-42717)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to uncontrolled recursion when processing excessively nested JSON objects. A remote attacker can send a specially crafted HTTP request and consume all available worker processes and CPU resources.


2) Input validation error (CVE-ID: CVE-2022-48279)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient validation of user-supplied input when parsing HTTP multipart requests. A remote attacker can send specially crafted input to the application and bypass the Web Application Firewall.


3) Buffer overflow (CVE-ID: CVE-2023-24021)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when executing rules that read the FILES_TMP_CONTENT collection. A remote attacker can upload a specially crafted file on the system, trigger memory corruption and execute arbitrary code on the target system or bypass implemented WAF protection rules.


Remediation

Install update from vendor's website.

References