Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-28882

Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations.

Published

2023-04-28T04:15:38.017

Last Modified

2025-07-03T20:59:18.650

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Primary
CWE-400
Type: Secondary
CWE-770

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	owasp	modsecurity	< 3.0.9	Yes

References

https://www.trustwave.com/en-us/resources/security-resources/software-updates/announcing-modsecurity-version-309/ Release Notes ([email protected])
https://www.trustwave.com/en-us/resources/security-resources/software-updates/announcing-modsecurity-version-309/ Release Notes (af854a3a-2127-422b-91ae-364da2661108)