ModSecurity / libModSecurity Security Update Advisory (CVE-2024-1019)

Overview

An update is available that fixes a vulnerability in ModSecurity / libModSecurity. Users of affected versions are advised to update to the latest version.

Affected Products

ModSecurity / libModSecurity v3.0.0 through v3.0.11 and earlier

Resolved Vulnerabilities

Web application firewall (WAF) bypass vulnerability due to a crafted request URL in ModSecurity / libModSecurity (CVE-2024-1019)

Vulnerability Patches

Vulnerability patches were made available in the January 30, 2024 update. Please follow the instructions on the reference site to update to the latest vulnerability patch version.

ModSecurity / libModSecurity version 3.0.12

Referenced Sites

[1] CVE-2024-1019 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-1019
[2] ModSecurity v3 WAF bypass (severity HIGH)
https://owasp.org/www-project-modsecurity/tab_cves#cve-2024-1019-2024-01-30