Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

trustwave modsecurity vulnerabilities and exploits

(subscribe to this query)

7.5
CVE-2023-38285
Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity....
Trustwave Modsecurity
5.3
CVSSv3
CVE-2019-25043
ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and worker-process crash for a "Cookie: =abc" header....
Trustwave Modsecurity
7.5
CVE-2023-28882
Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations....
Trustwave Modsecurity
6.1
CVSSv3
CVE-2018-13065
ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. NOTE: a third party has disputed this issue because it may only apply to environments without a Core Rule Set configured...
Trustwave Modsecurity 3.0.0
NA
CVE-2009-1902
The multipart processor in ModSecurity before 2.5.9 allows remote attackers to cause a denial of service (crash) via a multipart form datapost request with a missing part header name, which triggers a NULL pointer dereference....
Trustwave ModsecurityFedoraproject Fedora 9Fedoraproject Fedora 10
NA
CVE-2009-1903
The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method....
Trustwave ModsecurityFedoraproject Fedora 9Fedoraproject Fedora 10
7.5
CVSSv3
CVE-2020-15598
Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request. NOTE: The discoverer reports "Trustwave has signaled they are disputing our claims." The CVE suggests that there is a security issue with how ModSecurity handles regular expressions...
Trustwave ModsecurityDebian Debian Linux 10.0
7.5
CVE-2023-24021
Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection....
Trustwave ModsecurityDebian Debian Linux 10.0
NA
CVE-2009-5031
ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the...
Trustwave ModsecurityOpensuse Opensuse 11.4Opensuse Opensuse 12.2Opensuse Opensuse 12.3
7.5
CVE-2022-48279
In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase....
Trustwave ModsecurityDebian Debian Linux 10.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
XSSCVE-2023-48314CVE-2023-6376CVE-2023-46384arbitrary codeCVE-2023-42917CVE-2023-48842CVE-2023-42916firewall
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook