Back to bug 2226930
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Sandipan Roy | 2023-07-27 04:14:34 UTC | CC | csutherl, jclere, mturk, peholase, pjindal, plodge, szappis | |
| Sandipan Roy | 2023-07-27 04:14:46 UTC | Blocks | 2226931 | |
| Sandipan Roy | 2023-07-27 04:16:07 UTC | Depends On | 2226932, 2226933 | |
| TEJ RATHI | 2023-07-27 04:29:45 UTC | CC | hhorak, jorton | |
| TEJ RATHI | 2023-07-27 04:35:19 UTC | Fixed In Version | ModSecurity 3.0.10 | |
| TEJ RATHI | 2023-07-28 05:27:09 UTC | Depends On | 2227131 | |
| TEJ RATHI | 2023-07-28 05:28:40 UTC | Summary | TRIAGE-CVE-2023-38285 mod_security: DoS Vulnerability in Four Transformations | CVE-2023-38285 mod_security: DoS Vulnerability in Four Transformations |
| Alias | TRIAGE-CVE-2023-38285 | CVE-2023-38285 | ||
| TEJ RATHI | 2023-07-28 05:40:24 UTC | Doc Text | A vulnerability was found in Trustwave's ModSecurity project, caused by an inefficient algorithmic complexity flaw. This issue is present in four transformation actions such as removeWhitespace, removeNull, replaceNull, and removeCommentsChar. By sending a specially crafted request, an attacker could exploit this vulnerability to cause a denial of service condition. | |
| TEJ RATHI | 2023-07-28 05:42:11 UTC | Doc Text | A vulnerability was found in Trustwave's ModSecurity project, caused by an inefficient algorithmic complexity flaw. This issue is present in four transformation actions such as removeWhitespace, removeNull, replaceNull, and removeCommentsChar. By sending a specially crafted request, an attacker could exploit this vulnerability to cause a denial of service condition. | A vulnerability was found in Trustwave's ModSecurity project, caused by an inefficient algorithmic complexity flaw. This issue is present in four transformation actions such as removeWhitespace, removeNull, replaceNull, and removeCommentsChar. By sending a maliciously crafted HTTP request, an attacker could exploit this vulnerability to trigger worst-case performance, causing a denial of service condition. |
| Paige Jung | 2023-07-28 16:27:48 UTC | Doc Text | A vulnerability was found in Trustwave's ModSecurity project, caused by an inefficient algorithmic complexity flaw. This issue is present in four transformation actions such as removeWhitespace, removeNull, replaceNull, and removeCommentsChar. By sending a maliciously crafted HTTP request, an attacker could exploit this vulnerability to trigger worst-case performance, causing a denial of service condition. | A vulnerability was found in Trustwave's ModSecurity project due to an inefficient algorithmic complexity flaw. This issue is present in four transformation actions: removeWhitespace, removeNull, replaceNull, and removeCommentsChar. By sending a maliciously crafted HTTP request, an attacker could trigger worst-case performance, causing a denial of service. |
| Product Security DevOps Team | 2023-08-01 11:58:31 UTC | Resolution | --- | NOTABUG |
| Status | NEW | CLOSED | ||
| Last Closed | 2023-08-01 11:58:31 UTC |
Back to bug 2226930