Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
modsecurity vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2008-5676
Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 up to and including 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote malicious users to cause a denial of service (daemon crash) or bypass the product...
Breach Modsecurity 2.5.1
Breach Modsecurity
Breach Modsecurity 2.5.4
Breach Modsecurity 2.5.3
Breach Modsecurity 2.5.2
383
VMScore
CVE-2019-11387
An issue exists in OWASP ModSecurity Core Rule Set (CRS) up to and including 3.1.0. /rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf allows remote malicious users to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators.
Modsecurity Owasp Modsecurity Core Rule Set
445
VMScore
CVE-2019-11391
An issue exists in OWASP ModSecurity Core Rule Set (CRS) up to and including 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote malicious users to cause a denial of service (ReDOS) by entering a specially crafted string with $a# at the beginning and nested repeti...
Modsecurity Owasp Modsecurity Core Rule Set
445
VMScore
CVE-2019-11389
An issue exists in OWASP ModSecurity Core Rule Set (CRS) up to and including 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote malicious users to cause a denial of service (ReDOS) by entering a specially crafted string with next# at the beginning and nested repe...
Modsecurity Owasp Modsecurity Core Rule Set
445
VMScore
CVE-2019-11388
An issue exists in OWASP ModSecurity Core Rule Set (CRS) up to and including 3.1.0. /rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf allows remote malicious users to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators. NOTE: the...
Modsecurity Owasp Modsecurity Core Rule Set
445
VMScore
CVE-2019-11390
An issue exists in OWASP ModSecurity Core Rule Set (CRS) up to and including 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote malicious users to cause a denial of service (ReDOS) by entering a specially crafted string with set_error_handler# at the beginning an...
Modsecurity Owasp Modsecurity Core Rule Set
445
VMScore
CVE-2019-13464
An issue exists in OWASP ModSecurity Core Rule Set (CRS) 3.0.2. Use of X.Filename instead of X_Filename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid.
Modsecurity Owasp Modsecurity Core Rule Set 3.0.2
446
VMScore
CVE-2018-16384
A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via {`a`b} where a is a special function name (such as "if") and b is the SQL statement to be executed.
Owasp Owasp Modsecurity Core Rule Set
Owasp Owasp Modsecurity Core Rule Set 3.1.0
NA
CVE-2024-1019
ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional qu...
Trustwave Modsecurity
1 Github repository
NA
CVE-2023-38285
Trustwave ModSecurity 3.x prior to 3.0.10 has Inefficient Algorithmic Complexity.
Trustwave Modsecurity
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924
CVE-2024-3400
overflow
CVE-2024-23528
CVE-2024-21338
CVE-2024-3818
CVE-2024-23535
NULL pointer dereference
elevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »