Trustwave ModSecurity CVE-2021-42717 vulnerability in Trustwave and Other Products
Published on December 7, 2021

ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy one of the limited NGINX worker processes for minutes and consume almost all of the available CPU on the machine. ModSecurity 2 is similarly vulnerable: the affected versions include 2.8.0 through 2.9.4.

Exploit Probability

EPSS: 2.04%
Percentile: 83.56%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.