
Debian 10: DLA-3293-1 Moderate: Modsecurity-CRS Bypass Risks

Debian LTS advisory, published January 30, 2023
Ubuntu LTS issued a bulletin concerning various vulnerabilities found in the modsecurity-crs, which could potentially endanger web application defenses.
Multiple issues were found in modsecurity-crs, a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls, which allows remote attacke...

Summary

If you are using modsecurity-crs with apache2 / libapache2-modsecurity, please
make sure to review your modsecurity configuration, usually
/etc/modsecurity/modsecurity.conf, against the updated recommended
configuration, available in /etc/modsecurity/modsecurity.conf-recommended.
Some of the changes to the recommended rules are required to avoid WAF bypasses
in certain circumstances.
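The advisory asks administrators to compare the live modsecurity.conf with the packaged modsecurity.conf-recommended. The following POSIX shell script is an added example, not part of the Debian advisory or the modsecurity packages: it normalises both files (comments stripped, whitespace collapsed) and reports every directive from the recommended file that is missing from, or set differently in, the live configuration. The two file paths are the ones the advisory names; the sample files written by `demo` are constructed for illustration and do not reproduce the actual DLA-3293-1 changes.

```shell
#!/bin/sh
# Added example (not from the advisory): spot drift between the live
# ModSecurity config and the packaged recommended one.

# Print normalised "Directive args" lines from a config file, sorted.
# Comments and blank lines are dropped and runs of whitespace collapsed,
# so purely cosmetic differences do not show up as drift.
# Caveat: a '#' inside a rule's regex would be treated as a comment.
modsec_directives() {
    awk '{
        sub(/#.*/, "")
        gsub(/^[ \t]+|[ \t]+$/, "")
        if ($0 != "") { $1 = $1; print }
    }' "$1" | sort
}

# Usage: modsec_conf_drift LIVE RECOMMENDED
# Prints "MISSING <line>" for recommended directives absent from LIVE and
# "DIFFERS <line>" for directives present in LIVE with another value.
# Returns 0 when nothing differs, 1 otherwise.
modsec_conf_drift() {
    live="$1"
    recommended="$2"
    drift=$(modsec_directives "$recommended" | while IFS= read -r line; do
        key=${line%% *}
        if ! modsec_directives "$live" | grep -qxF -- "$line"; then
            if modsec_directives "$live" | grep -q "^$key "; then
                printf 'DIFFERS %s\n' "$line"
            else
                printf 'MISSING %s\n' "$line"
            fi
        fi
    done)
    if [ -z "$drift" ]; then
        return 0
    fi
    printf '%s\n' "$drift"
    return 1
}

# Stand-alone demo on constructed sample files (NOT the real Debian files).
# Against a real system you would run:
#   modsec_conf_drift /etc/modsecurity/modsecurity.conf \
#                     /etc/modsecurity/modsecurity.conf-recommended
demo() {
    tmp=$(mktemp -d)
    cat >"$tmp/modsecurity.conf" <<'EOF'
# constructed sample: a site's live configuration
SecRuleEngine DetectionOnly
SecAuditLogParts ABIJDEFHZ
EOF
    cat >"$tmp/modsecurity.conf-recommended" <<'EOF'
# constructed sample: the packaged recommended configuration
SecRuleEngine   DetectionOnly
SecAuditLogParts ABCEFHJKZ
SecRequestBodyNoFilesLimit 131072
EOF
    modsec_conf_drift "$tmp/modsecurity.conf" "$tmp/modsecurity.conf-recommended"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

demo
```

The report is deliberately one-directional: directives that exist only in the live file are not flagged, since local additions (custom rules, site-specific limits) are expected; what matters for this advisory is whether the recommended settings are present with the recommended values.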

Please note that CVE-2022-39956 requires an updated modsecurity-apache package,
which has been previously uploaded to buster-security; see Debian LTS Advisory
DLA-3283-1 for details.

If you are using some other solution in connection with the
modsecurity-ruleset, for example one that uses libmodsecurity3, your
solution might error out with an error message like "Error creating rule:
Unknown variable: MULTIPART_PART_HEADERS". In this case you can disable the
mitigation for CVE-2022-29956 by removing the rule file
REQUEST-922-MULTIPART-ATTACK.conf. However, be aware that this will disable



Package: modsecurity-crs
Version: 3.2.3-0+deb10u3
CVE ID: CVE-2018-16384 CVE-2020-22669 CVE-2021-35368 CVE-2022-39955
Debian Bug: 924352 992000 1021137
