Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
trustwave modsecurity vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-1019
ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional qu...
Trustwave Modsecurity
1 Github repository
NA
CVE-2023-38285
Trustwave ModSecurity 3.x prior to 3.0.10 has Inefficient Algorithmic Complexity.
Trustwave Modsecurity
NA
CVE-2023-28882
Trustwave ModSecurity 3.0.5 up to and including 3.0.8 prior to 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations.
Trustwave Modsecurity
NA
CVE-2023-24021
Incorrect handling of '\0' bytes in file uploads in ModSecurity prior to 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection.
Trustwave Modsecurity
Debian Debian Linux 10.0
NA
CVE-2022-48279
In ModSecurity prior to 2.9.6 and 3.x prior to 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase.
Trustwave Modsecurity
Debian Debian Linux 10.0
445
VMScore
CVE-2021-42717
ModSecurity 3.x up to and including 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy...
Trustwave Modsecurity
F5 Nginx Modsecurity Waf R25
F5 Nginx Modsecurity Waf R24
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Oracle Http Server 12.2.1.3.0
Oracle Http Server 12.2.1.4.0
Oracle Zfs Storage Appliance Kit 8.8
1 Github repository
445
VMScore
CVE-2019-25043
ModSecurity 3.x prior to 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and worker-process crash for a "Cookie: =abc" header.
Trustwave Modsecurity
449
VMScore
CVE-2020-15598
Trustwave ModSecurity 3.x up to and including 3.0.4 allows denial of service via a special request. NOTE: The discoverer reports "Trustwave has signaled they are disputing our claims." The CVE suggests that there is a security issue with how ModSecurity handles regular ...
Trustwave Modsecurity
Debian Debian Linux 10.0
446
VMScore
CVE-2019-19886
Trustwave ModSecurity 3.0.0 up to and including 3.0.3 allows an malicious user to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeader in transac...
Trustwave Modsecurity
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Fedora 32
383
VMScore
CVE-2018-13065
ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. NOTE: a third party has disputed this issue because it may only apply to environments without a Core Rule Set configured
Trustwave Modsecurity 3.0.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »