UbuntuUpdates.org

Package "modsecurity-apache"

Name: modsecurity-apache

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • Tighten web applications security for Apache

Latest version: 2.9.3-1ubuntu0.1
Release: focal (20.04)
Level: security
Repository: universe

Other versions of "modsecurity-apache" in Focal

Repository   Area       Version
updates      universe   2.9.3-1ubuntu0.1

Changelog

Version: 2.9.3-1ubuntu0.1 2023-09-14 14:06:45 UTC

  modsecurity-apache (2.9.3-1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2021-42717.patch: added support for configurable
      limit on depth of JSON parsing.
  * SECURITY UPDATE: firewall failure
    - debian/patches/CVE-2022-48279.patch: fixed HTTP multipart parsing
      and added a new MULTIPART_PART_HEADERS collection.
  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2023-24021.patch: fixed incomplete content in
      FILES_TMP_CONTENT.

 -- Allen Huang <email address hidden> Wed, 13 Sep 2023 12:12:51 +0100

CVE-2021-42717 ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in th
CVE-2022-48279 In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE
CVE-2023-24021 Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on


