Security impacting issue Change REQUEST_FILENAME and REQUEST_BASENAME behavior [Issue #3048 - @martinhsv , @theMiddleBlue , @theseion , @M4tteoP , @airween ] WAF bypass of the ModSecurity v3 release line for path-based payloads by submitting a specially crafted request URL. For details, see CVE 2024-1019. Enhancements and bug fixes Set the minimum security protocol version (TLSv1.2) for SecRemoteRules [Issue security/code-scanning/2 - @airween ]
v3.0.12
Inhalt
| No data |
Quellen-Details
| Bezeichnung | Name | Kategorie | Tags | Zielgruppe | Sprache | Feed-URL |
|---|---|---|---|---|---|---|
| OWASP ModSecurity Releases | vendor_advisory | waf, modsecurity, owasp | - | de | https://github.com/owasp-modsecurity/ModSecurity/releases.atom |