ModSecurity WAF Flaw Let Hackers Trigger DoS Attack

by Esmeralda McKenzie
ModSecurity, Trustwave's open-source Web Application Firewall (WAF) engine, is exposed to a denial-of-service (DoS) condition caused by a vulnerability in four of its transformation actions.

Security researchers at Trustwave identified the flaw and reported it to the ModSecurity team. The vulnerability is tracked as CVE-2023-38285.

The ModSecurity team fixed the flaw in v3.0.10; ModSecurity v2 is not affected.

ModSecurity offers a wide range of transformation actions that change how a value is represented, both to make processing easier and to reduce the risk of rule evasion.

Detection Alert

The ModSecurity team was notified of the DoS issue in v3; the affected transformations are:

  • removeWhitespace
  • removeNull
  • replaceNull
  • removeCommentsChar

Although functionally correct, the affected transformations performed poorly in the worst case, and that worst case can be triggered by specially crafted HTTP requests.

To prevent significant delays, configure general limits such as SecRequestBodyNoFilesLimit, using the recommended default value of 131072 from modsecurity.conf-recommended.

Even with that limit in place, a dozen or more transformation executions could still cause several seconds of delay per HTTP transaction.

Beyond that, a high volume of simultaneous malicious requests could overwhelm the web server, which in turn delays responses to legitimate requests.

Advice

If upgrading immediately is impractical, alternative mitigations exist for affected installations. Because of the nature of the issue, a few large values have a greater impact on resources than many smaller ones.

Add a separate ModSecurity rule that limits the size of the values being processed, while leaving legitimate content to be handled normally.
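The following configuration fragment is an added example of the two mitigations described above (the request-body limit and a separate size-limiting rule); it is not from the article or from the ModSecurity project. The rule ids, the 4096-byte threshold and the 413 response status are assumptions to be tuned per deployment. The size check uses the `length` transformation rather than any of the four affected transformations, so the mitigation rule itself does not exercise the vulnerable code.

```apache
# Added example (not from the article or the ModSecurity project): interim
# mitigation for ModSecurity v3 installations that cannot yet move to v3.0.10.
# Rule ids 10001-10002, the 4096-byte threshold and status 413 are assumptions.

# 1. Cap non-file request bodies at the modsecurity.conf-recommended default
#    (131072 bytes) and reject anything larger instead of processing part of it.
SecRequestBodyLimitAction Reject
SecRequestBodyNoFilesLimit 131072

# 2. Reject any single header or argument value above 4096 bytes before any
#    later rule applies removeWhitespace, removeNull, replaceNull or
#    removeCommentsChar to it. t:none discards transformations inherited
#    from SecDefaultAction; t:length replaces the value with its byte length
#    so @gt compares a number, and the check never runs an affected
#    transformation. Phase 1 covers headers, phase 2 covers GET and POST args.
SecRule REQUEST_HEADERS "@gt 4096" \
    "id:10001,\
    phase:1,\
    t:none,t:length,\
    deny,status:413,log,\
    msg:'Header value exceeds 4096 bytes (CVE-2023-38285 mitigation)'"

SecRule ARGS "@gt 4096" \
    "id:10002,\
    phase:2,\
    t:none,t:length,\
    deny,status:413,log,\
    msg:'Argument value exceeds 4096 bytes (CVE-2023-38285 mitigation)'"
```

Place this fragment before the include of the OWASP Core Rule Set or any other rules that use the affected transformations, since rules within a phase run in the order they appear and the size limit only helps if it is evaluated first. Review the ModSecurity audit log for hits on ids 10001 and 10002 after deployment: legitimate clients that send large cookies or form fields will show up there, and the threshold should be raised for those inputs rather than disabling the rule.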

Source credit : cybersecuritynews.com