Incorrect handling of 0 bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Modsecurity | Trustwave | * | 2.9.7 (excluding) |