Information on source package modsecurity-apache

Available versions

ReleaseVersion
jessie2.8.0-3+deb8u2
stretch2.9.1-2+deb9u2
stretch (security)2.9.1-2+deb9u1
buster2.9.3-1+deb10u2
bullseye2.9.3-3+deb11u2
bullseye (security)2.9.3-3+deb11u1
bookworm2.9.7-1
trixie2.9.8-1
sid2.9.8-1

Resolved issues

BugDescription
CVE-2023-24021Incorrect handling of '\0' bytes in file uploads in ModSecurity before ...
CVE-2022-48279In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart reque ...
CVE-2021-42717ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objec ...
CVE-2013-5705apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attack ...
CVE-2013-2765The ModSecurity module before 2.7.4 for the Apache HTTP Server allows ...
CVE-2013-1915ModSecurity before 2.7.3 allows remote attackers to read arbitrary fil ...
CVE-2012-4528The mod_security2 module before 2.7.0 for the Apache HTTP Server allow ...
CVE-2012-2751ModSecurity before 2.6.6, when used with PHP, does not properly handle ...
CVE-2009-5031ModSecurity before 2.5.11 treats request parameter values containing s ...

Security announcements

DSA / DLADescription
ELA-792-1modsecurity-apache - security update
DLA-3283-1modsecurity-apache - security update
ELA-779-1modsecurity-apache - security update
DLA-3031-1modsecurity-apache - security update
ELA-619-1modsecurity-apache - security update
DSA-5023-1modsecurity-apache - security update
DSA-2991-1modsecurity-apache - security update

Search for package or bug name: Reporting problems