NA

CVE-2020-15598

Vulnerability Summary

ModSecurity v3 Affected By DoS (Severity HIGH). ModSecurity v3.0.x is affected by a Denial of Service vulnerability due to the global matching of regular expressions. The combination of a non-anchored regular expression and the ModSecurity “capture” action can be exploited via a specially crafted payload. While ModSecurity v2.x used to quit the execution of a regular expression after the first match. ModSecurity v3.0.x silently changed the behavior to global matching. This results in a DoS for existing non-anchored regexes containing the “capture” action. It also fills the TX variable space beyond the documented limit of 10 instances. The defense is handicapped due to the absence of the SecRequestBodyNoFilesLimit directive. The vendor Trustwave Spiderlabs dropped this functionality for ModSecurity v3.

Vulnerability Trend

Vendor Advisories

Ervin Hegedues discovered that ModSecurity v3 enabled global regular expression matching which could result in denial of service For additional information please refer to corerulesetorg/20200914/cve-2020-15598/ For the stable distribution (buster), this problem has been fixed in version 303-1+deb10u2 We recommend that you upgrade your ...

Mailing Lists

ModSecurity v30x is affected by a Denial of Service vulnerability due to the global matching of regular expressions The combination of a non-anchored regular expression and the ModSecurity “capture” action can be exploited via a specially crafted payload While ModSecurity v2x used to quit the execution of a regular expression after the fi ...