Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
modsecurity vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-28882
Trustwave ModSecurity 3.0.5 up to and including 3.0.8 prior to 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations.
Trustwave Modsecurity
NA
CVE-2023-38285
Trustwave ModSecurity 3.x prior to 3.0.10 has Inefficient Algorithmic Complexity.
Trustwave Modsecurity
4.3
CVSSv2
CVE-2018-13065
ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. NOTE: a third party has disputed this issue because it may only apply to environments without a Core Rule Set configured
Trustwave Modsecurity 3.0.0
5
CVSSv2
CVE-2020-15598
Trustwave ModSecurity 3.x up to and including 3.0.4 allows denial of service via a special request. NOTE: The discoverer reports "Trustwave has signaled they are disputing our claims." The CVE suggests that there is a security issue with how ModSecurity handles regular ...
Trustwave Modsecurity
Debian Debian Linux 10.0
NA
CVE-2022-48279
In ModSecurity prior to 2.9.6 and 3.x prior to 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase.
Trustwave Modsecurity
Debian Debian Linux 10.0
NA
CVE-2023-24021
Incorrect handling of '\0' bytes in file uploads in ModSecurity prior to 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection.
Trustwave Modsecurity
Debian Debian Linux 10.0
5
CVSSv2
CVE-2021-42717
ModSecurity 3.x up to and including 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy...
Trustwave Modsecurity
F5 Nginx Modsecurity Waf R25
F5 Nginx Modsecurity Waf R24
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Oracle Http Server 12.2.1.3.0
Oracle Http Server 12.2.1.4.0
Oracle Zfs Storage Appliance Kit 8.8
1 Github repository
4.3
CVSSv2
CVE-2009-1903
The PDF XSS protection feature in ModSecurity prior to 2.5.8 allows remote malicious users to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
Trustwave Modsecurity
Fedoraproject Fedora 9
Fedoraproject Fedora 10
5
CVSSv2
CVE-2009-1902
The multipart processor in ModSecurity prior to 2.5.9 allows remote malicious users to cause a denial of service (crash) via a multipart form datapost request with a missing part header name, which triggers a NULL pointer dereference.
Trustwave Modsecurity
Fedoraproject Fedora 9
Fedoraproject Fedora 10
1 EDB exploit
5
CVSSv2
CVE-2013-5705
apache2/modsecurity.c in ModSecurity prior to 2.7.6 allows remote malicious users to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.
Trustwave Modsecurity
Debian Debian Linux 7.0
Debian Debian Linux 8.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2024-34413
CVE-2024-34089
CVE-2024-33408
local
SQL
CVE-2024-0402
CVE-2024-33910
CVE-2024-31848
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »