Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
trustwave modsecurity vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-5705
apache2/modsecurity.c in ModSecurity prior to 2.7.6 allows remote malicious users to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.
Trustwave Modsecurity
Debian Debian Linux 7.0
Debian Debian Linux 8.0
NA
CVE-2013-2765
The ModSecurity module prior to 2.7.4 for the Apache HTTP Server allows remote malicious users to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
Trustwave Modsecurity
Opensuse Opensuse 11.4
Opensuse Opensuse 12.2
Opensuse Opensuse 12.3
1 EDB exploit
NA
CVE-2013-1915
ModSecurity prior to 2.7.3 allows remote malicious users to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External ...
Trustwave Modsecurity
Opensuse Opensuse 11.4
Opensuse Opensuse 12.2
Opensuse Opensuse 12.3
Fedoraproject Fedora 17
Fedoraproject Fedora 18
Fedoraproject Fedora 19
Debian Debian Linux 6.0
Debian Debian Linux 7.0
NA
CVE-2012-4528
The mod_security2 module prior to 2.7.0 for the Apache HTTP Server allows remote malicious users to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
Trustwave Modsecurity
Opensuse Opensuse 11.4
Opensuse Opensuse 12.2
Opensuse Opensuse 12.3
Fedoraproject Fedora 18
1 EDB exploit
NA
CVE-2009-5031
ModSecurity prior to 2.5.11 treats request parameter values containing single quotes as files, which allows remote malicious users to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Conte...
Trustwave Modsecurity
Opensuse Opensuse 11.4
Opensuse Opensuse 12.2
Opensuse Opensuse 12.3
NA
CVE-2012-2751
ModSecurity prior to 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote malicious users to bypass fil...
Trustwave Modsecurity
Opensuse Opensuse 12.3
Opensuse Opensuse 11.4
Opensuse Opensuse 12.2
Debian Debian Linux 7.0
Debian Debian Linux 6.0
Oracle Http Server 11.1.1.6.0
NA
CVE-2009-1902
The multipart processor in ModSecurity prior to 2.5.9 allows remote malicious users to cause a denial of service (crash) via a multipart form datapost request with a missing part header name, which triggers a NULL pointer dereference.
Trustwave Modsecurity
Fedoraproject Fedora 9
Fedoraproject Fedora 10
1 EDB exploit
NA
CVE-2009-1903
The PDF XSS protection feature in ModSecurity prior to 2.5.8 allows remote malicious users to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
Trustwave Modsecurity
Fedoraproject Fedora 9
Fedoraproject Fedora 10
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2