Package details: pkg:deb/debian/modsecurity@3.0.9-1%2Bdeb12u1
purl pkg:deb/debian/modsecurity@3.0.9-1%2Bdeb12u1
Next non-vulnerable version 3.0.14-1
Latest non-vulnerable version 3.0.14-1
Risk
Vulnerabilities affecting this package (1)
Vulnerability: VCID-93qw-yjha-tyce
Aliases: CVE-2024-1019
Summary: ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string component. This results in an impedance mismatch versus RFC compliant back-end applications. The vulnerability hides an attack payload in the path component of the URL from WAF rules inspecting it. A back-end may be vulnerable if it uses the path component of request URLs to construct queries. Integrators and users are advised to upgrade to 3.0.12. The ModSecurity v2 release line is not affected by this vulnerability.
Fixed by: 3.0.14-1 (Affected by 0 other vulnerabilities.)
Vulnerabilities fixed by this package (3)
Vulnerability Summary Aliases
VCID-azf2-ue64-y7eb mod_security: DoS Vulnerability in Four Transformations CVE-2023-38285
VCID-kg7a-8fqh-mffc security update CVE-2021-42717
VCID-y8ty-2cp5-y3gm mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass CVE-2022-48279

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T13:14:15.213322+00:00 Debian Importer Affected by VCID-93qw-yjha-tyce https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:20:06.253165+00:00 Debian Importer Fixing VCID-y8ty-2cp5-y3gm https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:36:21.288229+00:00 Debian Importer Fixing VCID-kg7a-8fqh-mffc https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:31:19.615319+00:00 Debian Importer Fixing VCID-azf2-ue64-y7eb https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T09:06:51.436031+00:00 Debian Importer Affected by VCID-93qw-yjha-tyce https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:42:52.090657+00:00 Debian Importer Fixing VCID-y8ty-2cp5-y3gm https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:10:01.550782+00:00 Debian Importer Fixing VCID-kg7a-8fqh-mffc https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:06:10.779696+00:00 Debian Importer Fixing VCID-azf2-ue64-y7eb https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-08T20:03:42.178630+00:00 Debian Importer Affected by VCID-93qw-yjha-tyce https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-08T19:07:35.039376+00:00 Debian Importer Fixing VCID-y8ty-2cp5-y3gm https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-08T18:45:38.160570+00:00 Debian Importer Fixing VCID-kg7a-8fqh-mffc https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-08T18:43:08.219297+00:00 Debian Importer Fixing VCID-azf2-ue64-y7eb https://security-tracker.debian.org/tracker/data/json 38.1.0