Vulnerability Database
Blog
FAQ
Docs
arrow_forward
search
CVE-2023-38285
See a problem?
Please try reporting it
to the source
first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-38285
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-38285.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-38285
Aliases
BIT-modsecurity-2023-38285
BIT-modsecurity2-2023-38285
Downstream
UBUNTU-CVE-2023-38285
openSUSE-SU-2023:0257-1
openSUSE-SU-2023:0269-1
openSUSE-SU-2024:13195-1
Related
CGA-42f7-86rw-56cq
openSUSE-SU-2023:0257-1
openSUSE-SU-2023:0269-1
openSUSE-SU-2024:13195-1
Published
2023-07-26T21:15:10Z
Modified
2025-09-24T12:09:29.232500Z
Severity
7.5 (High)
CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS Calculator
Summary
[none]
Details
Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity.
References
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-v3-dos-vulnerability-in-four-transformations-cve-2023-38285/
https://www.trustwave.com/en-us/resources/security-resources/software-updates/end-of-sale-and-trustwave-support-for-modsecurity-web-application-firewall/
Affected packages
Git
/
github.com/owasp-modsecurity/modsecurity
Affected ranges
Type
GIT
Repo
https://github.com/owasp-modsecurity/modsecurity
Events
Introduced
c1cd668acb820824e791ba802396c60900eae9c1
Fixed
ccc2d9b53632fb5088673bbaafedf0d8d4b5f1d8
Affected versions
v3.*
v3.0.0
v3.0.1
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.0.8
v3.0.9
CVE-2023-38285 - OSV