MGASA-2023-0175

Advisory lineage Upstream: 2 Downstream: 0

Upstream

CVE-2022-48279 CVE-2023-24021

Published: 21 May 2023, 08:42

Last modified:16 Apr 2026, 04:22

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

21 May 2023, 08:42

Published

Vulnerability first disclosed

16 Apr 2026, 04:22

Last Modified

Vulnerability information updated

Description

Updated apache-mod_security packages fix security vulnerability HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall (CVE-2022-48279) Incorrect handling of '\0' bytes in file uploads in ModSecurity may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection. (CVE-2023-24021)

Affected Systems

mageia•apache-mod_security
< 2.9.7-1.mga8

References (4)

https://advisories.mageia.org/MGASA-2023-0175.html
https://bugs.mageia.org/show_bug.cgi?id=31457
https://www.debian.org/lts/security/2023/dla-3283
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SYRTXTOQQI6SB2TLI5QXU76DURSLS4XI/