{"id":"MGASA-2023-0175","summary":"Updated apache-mod_security packages fix security vulnerability","details":"HTTP multipart requests were incorrectly parsed and could bypass the Web\nApplication Firewall (CVE-2022-48279)\nIncorrect handling of '\\0' bytes in file uploads in ModSecurity may allow\nfor Web Application Firewall bypasses and buffer over-reads on the Web\nApplication Firewall when executing rules that read the FILES_TMP_CONTENT\ncollection. (CVE-2023-24021)\n","modified":"2026-01-31T15:05:34.037506Z","published":"2023-05-21T08:42:44Z","related":["CVE-2022-48279","CVE-2023-24021"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2023-0175.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=31457"},{"type":"REPORT","url":"https://www.debian.org/lts/security/2023/dla-3283"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SYRTXTOQQI6SB2TLI5QXU76DURSLS4XI/"}],"affected":[{"package":{"name":"apache-mod_security","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/apache-mod_security?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.7-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0175.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}