USN-6370-1: ModSecurity vulnerabilities
First published: Thu Sep 14 2023(Updated: )
It was discovered that ModSecurity incorrectly handled certain nested JSON objects. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-42717) It was discovered that ModSecurity incorrectly handled certain HTTP multipart requests. A remote attacker could possibly use this issue to bypass ModSecurity restrictions. (CVE-2022-48279) It was discovered that ModSecurity incorrectly handled certain file uploads. A remote attacker could possibly use this issue to cause a buffer overflow and a firewall failure. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-24021)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/libapache2-mod-security2 | <2.9.5-1ubuntu0.1~esm1 | 2.9.5-1ubuntu0.1~esm1 |
| =22.04 | ||
| All of | ||
| ubuntu/libapache2-mod-security2 | <2.9.3-1ubuntu0.1 | 2.9.3-1ubuntu0.1 |
| =20.04 | ||
| All of | ||
| ubuntu/libapache2-mod-security2 | <2.9.2-1ubuntu0.1~esm1 | 2.9.2-1ubuntu0.1~esm1 |
| =18.04 | ||
| All of | ||
| ubuntu/libapache2-mod-security2 | <2.9.0-1ubuntu0.1~esm1 | 2.9.0-1ubuntu0.1~esm1 |
| =16.04 | ||
| All of | ||
| ubuntu/libapache2-modsecurity | <2.9.0-1ubuntu0.1~esm1 | 2.9.0-1ubuntu0.1~esm1 |
| =16.04 | ||
| All of | ||
| ubuntu/libapache2-mod-security2 | <2.7.7-2ubuntu0.1~esm1 | 2.7.7-2ubuntu0.1~esm1 |
| =14.04 | ||
| All of | ||
| ubuntu/libapache2-modsecurity | <2.7.7-2ubuntu0.1~esm1 | 2.7.7-2ubuntu0.1~esm1 |
| =14.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID for this ModSecurity vulnerability?
The vulnerability ID for this ModSecurity vulnerability is CVE-2021-42717.
What is the affected software for this vulnerability?
The affected software for this vulnerability is libapache2-mod-security2 version up to 2.9.5-1ubuntu0.1~esm1 on Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.
How can an attacker exploit this vulnerability?
An attacker can exploit this vulnerability to cause a denial of service.
Which versions of Ubuntu are affected by this vulnerability?
This vulnerability affects Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.
How do I fix this ModSecurity vulnerability?
To fix this ModSecurity vulnerability, update libapache2-mod-security2 to version 2.9.5-1ubuntu0.1~esm1 or higher.
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- agent/weakness
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/22.04
- version/ubuntu ubuntu/20.04
- version/ubuntu ubuntu/18.04
- version/ubuntu ubuntu/16.04
- version/ubuntu ubuntu/14.04