#VU59052 Uncontrolled Recursion in ModSecurity - CVE-2021-42717

Cybersecurity Help s.r.o.

Published: 2021-12-19

Vulnerability identifier: #VU59052

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2021-42717

CWE-ID: CWE-674

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
ModSecurity
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: Trustwave

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to uncontrolled recursion when processing excessively nested JSON objects. A remote attacker can send a specially crafted HTTP request and consume all available worker processes and CPU resources.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

ModSecurity: 2.8.0, 2.9.0 - 2.9.5, 3.0.0 - 3.0.5

External links
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-dos-vulnerability-in-json-parsing-cve-2021-42717/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in HPE OneView

Ubuntu update for modsecurity-apache

Fedora EPEL 7 update for libmodsecurity

Multiple vulnerabilities in Oracle HTTP Server

openEuler 20.03 LTS SP3 update for mod_security

Debian update for modsecurity-apache

Denial of service in ModSecurity

openEuler update for mod_security