Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
modsecurity owasp modsecurity core rule set vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2021-35368
OWASP ModSecurity Core Rule Set 3.1.x prior to 3.1.2, 3.2.x prior to 3.2.1, and 3.3.x prior to 3.3.2 is affected by a Request Body Bypass via a trailing pathname.
Owasp Owasp Modsecurity Core Rule Set
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Debian Debian Linux 10.0
446
VMScore
CVE-2018-16384
A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via {`a`b} where a is a special function name (such as "if") and b is the SQL statement to be executed.
Owasp Owasp Modsecurity Core Rule Set
Owasp Owasp Modsecurity Core Rule Set 3.1.0
445
VMScore
CVE-2019-13464
An issue exists in OWASP ModSecurity Core Rule Set (CRS) 3.0.2. Use of X.Filename instead of X_Filename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid.
Modsecurity Owasp Modsecurity Core Rule Set 3.0.2
445
VMScore
CVE-2019-11389
An issue exists in OWASP ModSecurity Core Rule Set (CRS) up to and including 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote malicious users to cause a denial of service (ReDOS) by entering a specially crafted string with next# at the beginning and nested repe...
Modsecurity Owasp Modsecurity Core Rule Set
445
VMScore
CVE-2019-11391
An issue exists in OWASP ModSecurity Core Rule Set (CRS) up to and including 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote malicious users to cause a denial of service (ReDOS) by entering a specially crafted string with $a# at the beginning and nested repeti...
Modsecurity Owasp Modsecurity Core Rule Set
445
VMScore
CVE-2019-11388
An issue exists in OWASP ModSecurity Core Rule Set (CRS) up to and including 3.1.0. /rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf allows remote malicious users to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators. NOTE: the...
Modsecurity Owasp Modsecurity Core Rule Set
445
VMScore
CVE-2019-11390
An issue exists in OWASP ModSecurity Core Rule Set (CRS) up to and including 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote malicious users to cause a denial of service (ReDOS) by entering a specially crafted string with set_error_handler# at the beginning an...
Modsecurity Owasp Modsecurity Core Rule Set
383
VMScore
CVE-2019-11387
An issue exists in OWASP ModSecurity Core Rule Set (CRS) up to and including 3.1.0. /rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf allows remote malicious users to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators.
Modsecurity Owasp Modsecurity Core Rule Set
NA
CVE-2023-38199
coreruleset (aka OWASP ModSecurity Core Rule Set) up to and including 3.3.4 does not detect multiple Content-Type request headers on some platforms. This might allow malicious users to bypass a WAF with a crafted payload, aka "Content-Type confusion" between the WAF and...
Owasp Coreruleset
NA
CVE-2022-39957
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional "charset" parameter in order to receive the response in an encoded form. Depending on the "charset", this res...
Owasp Owasp Modsecurity Core Rule Set
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Debian Debian Linux 10.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »