Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
modsecurity vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2009-5031
ModSecurity prior to 2.5.11 treats request parameter values containing single quotes as files, which allows remote malicious users to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Conte...
Trustwave Modsecurity
Opensuse Opensuse 11.4
Opensuse Opensuse 12.2
Opensuse Opensuse 12.3
505
VMScore
CVE-2013-2765
The ModSecurity module prior to 2.7.4 for the Apache HTTP Server allows remote malicious users to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
Trustwave Modsecurity
Opensuse Opensuse 11.4
Opensuse Opensuse 12.2
Opensuse Opensuse 12.3
1 EDB exploit
446
VMScore
CVE-2019-19886
Trustwave ModSecurity 3.0.0 up to and including 3.0.3 allows an malicious user to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeader in transac...
Trustwave Modsecurity
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Fedora 32
NA
CVE-2020-22669
Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applicatio...
Owasp Owasp Modsecurity Core Rule Set 3.2.0
Debian Debian Linux 10.0
505
VMScore
CVE-2012-4528
The mod_security2 module prior to 2.7.0 for the Apache HTTP Server allows remote malicious users to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
Trustwave Modsecurity
Opensuse Opensuse 11.4
Opensuse Opensuse 12.2
Opensuse Opensuse 12.3
Fedoraproject Fedora 18
1 EDB exploit
668
VMScore
CVE-2021-35368
OWASP ModSecurity Core Rule Set 3.1.x prior to 3.1.2, 3.2.x prior to 3.2.1, and 3.3.x prior to 3.3.2 is affected by a Request Body Bypass via a trailing pathname.
Owasp Owasp Modsecurity Core Rule Set
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Debian Debian Linux 10.0
NA
CVE-2022-39955
The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes. A vulnerable back-end can potentially be exploited by declaring multiple Content...
Owasp Owasp Modsecurity Core Rule Set
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Debian Debian Linux 10.0
NA
CVE-2022-39956
The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not...
Owasp Owasp Modsecurity Core Rule Set
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Debian Debian Linux 10.0
NA
CVE-2022-39957
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional "charset" parameter in order to receive the response in an encoded form. Depending on the "charset", this res...
Owasp Owasp Modsecurity Core Rule Set
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Debian Debian Linux 10.0
NA
CVE-2022-39958
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range. A restricted resource, access to which would ordinarily ...
Owasp Owasp Modsecurity Core Rule Set
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Debian Debian Linux 10.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »