28 matches found
EUVD-2022-50981
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-39956
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OWASP ModSecurity Core Rule Set CRS is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character...
Fedora 37 : mod_security / mod_security_crs (2022-1fd73a5285)
The remote Fedora 37 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2022-1fd73a5285 advisory. - version update - security fixes Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...
RHEL 9 : mod_security (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - modsecurity: lacking the complete content in FILESTMPCONTENT leads to web application firewall bypass...
RHEL 8 : mod_security_crs (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - modsecuritycrs: Content-Type or Content-Transfer-Encoding MIME header fields abuse CVE-2022-39956 - The...
RHEL 8 : mod_security (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - modsecurity: lacking the complete content in FILESTMPCONTENT leads to web application firewall bypass...
RHEL 9 : mod_security_crs (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - modsecuritycrs: Content-Type or Content-Transfer-Encoding MIME header fields abuse CVE-2022-39956 - The...
RHEL 7 : mod_security_crs (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - modsecuritycrs: Content-Type or Content-Transfer-Encoding MIME header fields abuse CVE-2022-39956 - The...
OESA-2024-1375 mod_security security update
This software is also called Modsec,it is an open-source web application firewall. It is designed for Apache HTTP Server.ModSecurity is commonly deployed to provide protections against generic classed of vulnerabilities.The install of this package is easy and you can read the README.TXT for more...
OESA-2024-1334 mod_security security update
This software is also called Modsec,it is an open-source web application firewall. It is designed for Apache HTTP Server.ModSecurity is commonly deployed to provide protections against generic classed of vulnerabilities.The install of this package is easy and you can read the README.TXT for more...
BIT-MODSECURITY2-2022-48279
In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity C language codebase...
Amazon Linux AMI : mod24_security (ALAS-2023-1772)
The version of mod24security installed on the remote host is prior to 2.8.0-5.28. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1772 advisory. In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web...
Amazon Linux 2 : mod_security (ALAS-2023-2098)
The version of modsecurity installed on the remote host is prior to 2.9.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2098 advisory. In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the...
Amazon Linux AMI : mod_security (ALAS-2023-1763)
The version of modsecurity installed on the remote host is prior to 2.8.0-5.28. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1763 advisory. In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web...
GLSA-202305-25 : OWASP ModSecurity Core Rule Set: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202305-25 OWASP ModSecurity Core Rule Set: Multiple Vulnerabilities - OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname...
Fedora 37 : mod_security (2023-09f0496e60)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-09f0496e60 advisory. - new version 2.9.7 - switch to PCRE2 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
EulerOS 2.0 SP8 : mod_security (EulerOS-SA-2023-1601)
According to the versions of the modsecurity package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application...
[SECURITY] [DLA 3293-1] modsecurity-crs security update
Debian LTS Advisory DLA-3293-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost January 30, 2023 https://wiki.debian.org/LTS Package : modsecurity-crs Version : 3.2.3-0+deb10u3 CVE ID : CVE-2018-16384 CVE-2020-22669 CVE-2021-35368 CVE-2022-39955 CVE-2022-39956...
Debian dla-3283 : libapache2-mod-security2 - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3283 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3283-1 [email protected]...
Code injection
In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity C language codebase...