
15 matches found

Tenable Nessus
added 2024/11/15 12:0 a.m. | 9 views

Fedora 37 : mod_security / mod_security_crs (2022-1fd73a5285)

The remote Fedora 37 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2022-1fd73a5285 advisory. - version update - security fixes Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

CVSS 9.8 | AI score 7.6 | EPSS 0.01115
Exploits: 0 | References: 5

Tenable Nessus
added 2024/06/03 12:0 a.m. | 25 views

RHEL 9 : mod_security_crs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - modsecuritycrs: Content-Type or Content-Transfer-Encoding MIME header fields abuse CVE-2022-39956 - The...

CVSS 9.8 | AI score 9.7 | EPSS 0.01115
Exploits: 0 | References: 4

Tenable Nessus
added 2024/06/03 12:0 a.m. | 33 views

RHEL 8 : mod_security_crs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - modsecuritycrs: Content-Type or Content-Transfer-Encoding MIME header fields abuse CVE-2022-39956 - The...

CVSS 9.8 | AI score 7.2 | EPSS 0.01115
Exploits: 0 | References: 4

OpenVAS
added 2024/03/19 12:0 a.m. | 30 views

Mageia: Security Advisory (MGASA-2024-0070)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 8.8 | EPSS 0.02542
Exploits: 3 | References: 8

Tenable Nessus
added 2023/05/21 12:0 a.m. | 40 views

GLSA-202305-25 : OWASP ModSecurity Core Rule Set: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202305-25 OWASP ModSecurity Core Rule Set: Multiple Vulnerabilities - OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname...

CVSS 9.8 | AI score 7.6 | EPSS 0.02542
Exploits: 1 | References: 8

Debian
added 2023/01/30 6:35 p.m. | 49 views

[SECURITY] [DLA 3293-1] modsecurity-crs security update

Debian LTS Advisory DLA-3293-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost January 30, 2023 https://wiki.debian.org/LTS Package : modsecurity-crs Version : 3.2.3-0+deb10u3 CVE ID : CVE-2018-16384 CVE-2020-22669 CVE-2021-35368 CVE-2022-39955 CVE-2022-39956...

CVSS 9.8 | AI score 7.1 | EPSS 0.02542
Exploits: 3

Tenable Nessus
added 2022/12/23 12:0 a.m. | 32 views

Fedora 35 : mod_security / mod_security_crs (2022-85a85c84b3)

The remote Fedora 35 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2022-85a85c84b3 advisory. - version update - security update Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...

CVSS 9.8 | AI score 7.6 | EPSS 0.01115
Exploits: 0 | References: 5

Tenable Nessus
added 2022/12/22 12:0 a.m. | 33 views

Fedora 36 : mod_security / mod_security_crs (2022-90708b46e3)

The remote Fedora 36 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2022-90708b46e3 advisory. - version update - security update Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...

CVSS 9.8 | AI score 7.6 | EPSS 0.01115
Exploits: 0 | References: 5

OpenVAS
added 2022/11/11 12:0 a.m. | 29 views

Fedora: Security Advisory for mod_security_crs (FEDORA-2022-1fd73a5285)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.8 | AI score 8.7 | EPSS 0.01115
Exploits: 0 | References: 2

OpenVAS
added 2022/10/16 12:0 a.m. | 23 views

Fedora: Security Advisory for mod_security_crs (FEDORA-2022-90708b46e3)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.8 | AI score 8.7 | EPSS 0.01115
Exploits: 0 | References: 2

OpenVAS
added 2022/10/16 12:0 a.m. | 26 views

Fedora: Security Advisory for mod_security (FEDORA-2022-90708b46e3)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.8 | AI score 8.7 | EPSS 0.01115
Exploits: 0 | References: 2

OpenVAS
added 2022/10/16 12:0 a.m. | 24 views

Fedora: Security Advisory for mod_security_crs (FEDORA-2022-85a85c84b3)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.8 | AI score 8.7 | EPSS 0.01115
Exploits: 0 | References: 2

Circl
added 2022/09/20 12:39 p.m. | 7 views

CVE-2022-39955

creationtimestamp | type | source
---|---|---
2022-09-20 12:39:07+00:00 | seen | https://t.me/cibsecurity/50128
2023-01-20 11:00:21+00:00 | published-proof-of-concept | https://t.me/CyberSecurityTechnologies/7582
2023-01-20 20:25:07+00:00 | published-proof-of-concept | https://t.me/crackcodes/2342...

CVSS 9.8 | AI score 7.6 | EPSS 0.01115
Exploits: 0 | References: 3

Vulnrichment
added 2022/09/20 12:0 a.m. | 10 views

CVE-2022-39955 Partial rule set bypass in OWASP ModSecurity Core Rule Set by submitting a specially crafted HTTP Content-Type header

The OWASP ModSecurity Core Rule Set CRS is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes. A vulnerable back-end can potentially be exploited by declaring multiple Content-Type "charset" nam...

CVSS 7.3 | AI score 6.5 | EPSS 0.01115
Exploits: 0 | References: 6

CVE
added 2022/09/20 12:0 a.m. | 108 views

CVE-2022-39955

This CVE concerns the OWASP ModSecurity Core Rule Set (CRS) with a partial rule set bypass caused by a specially crafted HTTP Content-Type header that signals multiple charset encodings. A vulnerable backend could bypass CRS Content-Type charset allow lists, allowing an encoded payload to bypass ...

CVSS 9.8 | AI score 8 | EPSS 0.01115
Exploits: 0 | References: 7 | Affected Software: 1