Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
owasp owasp modsecurity core rule set vulnerabilities and exploits
(subscribe to this query)
446
VMScore
CVE-2018-16384
A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via {`a`b} where a is a special function name (such as "if") and b is the SQL statement to be executed.
Owasp Owasp Modsecurity Core Rule Set
Owasp Owasp Modsecurity Core Rule Set 3.1.0
383
VMScore
CVE-2019-11387
An issue exists in OWASP ModSecurity Core Rule Set (CRS) up to and including 3.1.0. /rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf allows remote malicious users to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators.
Modsecurity Owasp Modsecurity Core Rule Set
445
VMScore
CVE-2019-11388
An issue exists in OWASP ModSecurity Core Rule Set (CRS) up to and including 3.1.0. /rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf allows remote malicious users to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators. NOTE: the...
Modsecurity Owasp Modsecurity Core Rule Set
445
VMScore
CVE-2019-11389
An issue exists in OWASP ModSecurity Core Rule Set (CRS) up to and including 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote malicious users to cause a denial of service (ReDOS) by entering a specially crafted string with next# at the beginning and nested repe...
Modsecurity Owasp Modsecurity Core Rule Set
445
VMScore
CVE-2019-11390
An issue exists in OWASP ModSecurity Core Rule Set (CRS) up to and including 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote malicious users to cause a denial of service (ReDOS) by entering a specially crafted string with set_error_handler# at the beginning an...
Modsecurity Owasp Modsecurity Core Rule Set
445
VMScore
CVE-2019-11391
An issue exists in OWASP ModSecurity Core Rule Set (CRS) up to and including 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote malicious users to cause a denial of service (ReDOS) by entering a specially crafted string with $a# at the beginning and nested repeti...
Modsecurity Owasp Modsecurity Core Rule Set
445
VMScore
CVE-2019-13464
An issue exists in OWASP ModSecurity Core Rule Set (CRS) 3.0.2. Use of X.Filename instead of X_Filename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid.
Modsecurity Owasp Modsecurity Core Rule Set 3.0.2
NA
CVE-2020-22669
Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applicatio...
Owasp Owasp Modsecurity Core Rule Set 3.2.0
Debian Debian Linux 10.0
668
VMScore
CVE-2021-35368
OWASP ModSecurity Core Rule Set 3.1.x prior to 3.1.2, 3.2.x prior to 3.2.1, and 3.3.x prior to 3.3.2 is affected by a Request Body Bypass via a trailing pathname.
Owasp Owasp Modsecurity Core Rule Set
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Debian Debian Linux 10.0
NA
CVE-2022-39955
The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes. A vulnerable back-end can potentially be exploited by declaring multiple Content...
Owasp Owasp Modsecurity Core Rule Set
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Debian Debian Linux 10.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »