Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
trustwave modsecurity vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2013-1915
ModSecurity prior to 2.7.3 allows remote malicious users to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External ...
Trustwave Modsecurity
Opensuse Opensuse 11.4
Opensuse Opensuse 12.2
Opensuse Opensuse 12.3
Fedoraproject Fedora 17
Fedoraproject Fedora 18
Fedoraproject Fedora 19
Debian Debian Linux 6.0
Debian Debian Linux 7.0
5
CVSSv2
CVE-2021-42717
ModSecurity 3.x up to and including 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy...
Trustwave Modsecurity
F5 Nginx Modsecurity Waf R25
F5 Nginx Modsecurity Waf R24
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Oracle Http Server 12.2.1.3.0
Oracle Http Server 12.2.1.4.0
Oracle Zfs Storage Appliance Kit 8.8
1 Github repository
5
CVSSv2
CVE-2019-25043
ModSecurity 3.x prior to 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and worker-process crash for a "Cookie: =abc" header.
Trustwave Modsecurity
5
CVSSv2
CVE-2020-15598
Trustwave ModSecurity 3.x up to and including 3.0.4 allows denial of service via a special request. NOTE: The discoverer reports "Trustwave has signaled they are disputing our claims." The CVE suggests that there is a security issue with how ModSecurity handles regular ...
Trustwave Modsecurity
Debian Debian Linux 10.0
5
CVSSv2
CVE-2019-19886
Trustwave ModSecurity 3.0.0 up to and including 3.0.3 allows an malicious user to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeader in transac...
Trustwave Modsecurity
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Fedora 32
5
CVSSv2
CVE-2013-5705
apache2/modsecurity.c in ModSecurity prior to 2.7.6 allows remote malicious users to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.
Trustwave Modsecurity
Debian Debian Linux 7.0
Debian Debian Linux 8.0
5
CVSSv2
CVE-2013-2765
The ModSecurity module prior to 2.7.4 for the Apache HTTP Server allows remote malicious users to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
Trustwave Modsecurity
Opensuse Opensuse 11.4
Opensuse Opensuse 12.2
Opensuse Opensuse 12.3
1 EDB exploit
5
CVSSv2
CVE-2012-4528
The mod_security2 module prior to 2.7.0 for the Apache HTTP Server allows remote malicious users to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
Trustwave Modsecurity
Opensuse Opensuse 11.4
Opensuse Opensuse 12.2
Opensuse Opensuse 12.3
Fedoraproject Fedora 18
1 EDB exploit
5
CVSSv2
CVE-2009-1902
The multipart processor in ModSecurity prior to 2.5.9 allows remote malicious users to cause a denial of service (crash) via a multipart form datapost request with a missing part header name, which triggers a NULL pointer dereference.
Trustwave Modsecurity
Fedoraproject Fedora 9
Fedoraproject Fedora 10
1 EDB exploit
4.3
CVSSv2
CVE-2018-13065
ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. NOTE: a third party has disputed this issue because it may only apply to environments without a Core Rule Set configured
Trustwave Modsecurity 3.0.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »