Release | Version |
---|---|
buster | 2.9.3-1+deb10u1 |
buster (security) | 2.9.3-1+deb10u2 |
bullseye | 2.9.3-3+deb11u1 |
bookworm | 2.9.7-1 |
sid | 2.9.7-1 |
Bug | buster | bullseye | bookworm | sid | Description |
---|---|---|---|---|---|
CVE-2023-24021 | fixed | vulnerable (no DSA) | fixed | fixed | Incorrect handling of '\0' bytes in file uploads in ModSecurity before ... |
CVE-2022-48279 | fixed | vulnerable (no DSA) | fixed | fixed | In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart reque ... |
Bug | Description |
---|---|
CVE-2021-42717 | ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objec ... |
CVE-2013-5705 | apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attack ... |
CVE-2013-2765 | The ModSecurity module before 2.7.4 for the Apache HTTP Server allows ... |
CVE-2013-1915 | ModSecurity before 2.7.3 allows remote attackers to read arbitrary fil ... |
CVE-2012-4528 | The mod_security2 module before 2.7.0 for the Apache HTTP Server allow ... |
CVE-2012-2751 | ModSecurity before 2.6.6, when used with PHP, does not properly handle ... |
CVE-2009-5031 | ModSecurity before 2.5.11 treats request parameter values containing s ... |
DSA / DLA | Description |
---|---|
DLA-3283-1 | modsecurity-apache - security update |
DLA-3031-1 | modsecurity-apache - security update |
DSA-5023-1 | modsecurity-apache - security update |
DSA-2991-1 | modsecurity-apache - security update |