CVE-2023-28882

Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations.

Published: Apr 28, 2023
Updated: May 5, 2023
CVE: CVE-2023-28882
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-400

Affected Software
References

Software	From	Fixed in
trustwave / modsecurity	3.0.5	3.0.9

https://www.trustwave.com/en-us/resources/security-resources/software-updates/announcing-modsecurity-version-309/

Vulnerability Database

289,697

CVE-2023-28882