| Release | Version |
|---|---|
| buster | 2.9.3-1+deb10u1 |
| buster (security) | 2.9.3-1+deb10u2 |
| bullseye | 2.9.3-3+deb11u1 |
| bookworm | 2.9.7-1 |
| sid | 2.9.7-1 |
| Bug | buster | bullseye | bookworm | sid | Description |
|---|---|---|---|---|---|
| CVE-2023-24021 | fixed | vulnerable (no DSA) | fixed | fixed | Incorrect handling of '\0' bytes in file uploads in ModSecurity before ... |
| CVE-2022-48279 | fixed | vulnerable (no DSA) | fixed | fixed | In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart reque ... |
| Bug | Description |
|---|---|
| CVE-2021-42717 | ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objec ... |
| CVE-2013-5705 | apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attack ... |
| CVE-2013-2765 | The ModSecurity module before 2.7.4 for the Apache HTTP Server allows ... |
| CVE-2013-1915 | ModSecurity before 2.7.3 allows remote attackers to read arbitrary fil ... |
| CVE-2012-4528 | The mod_security2 module before 2.7.0 for the Apache HTTP Server allow ... |
| CVE-2012-2751 | ModSecurity before 2.6.6, when used with PHP, does not properly handle ... |
| CVE-2009-5031 | ModSecurity before 2.5.11 treats request parameter values containing s ... |
| DSA / DLA | Description |
|---|---|
| DLA-3283-1 | modsecurity-apache - security update |
| DLA-3031-1 | modsecurity-apache - security update |
| DSA-5023-1 | modsecurity-apache - security update |
| DSA-2991-1 | modsecurity-apache - security update |