15 matches found
Fedora 37 : mod_security / mod_security_crs (2022-1fd73a5285)
The remote Fedora 37 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2022-1fd73a5285 advisory. - version update - security fixes Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...
RHEL 9 : mod_security_crs (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - modsecuritycrs: Content-Type or Content-Transfer-Encoding MIME header fields abuse CVE-2022-39956 - The...
RHEL 8 : mod_security_crs (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - modsecuritycrs: Content-Type or Content-Transfer-Encoding MIME header fields abuse CVE-2022-39956 - The...
Mageia: Security Advisory (MGASA-2024-0070)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GLSA-202305-25 : OWASP ModSecurity Core Rule Set: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202305-25 OWASP ModSecurity Core Rule Set: Multiple Vulnerabilities - OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname...
[SECURITY] [DLA 3293-1] modsecurity-crs security update
Debian LTS Advisory DLA-3293-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost January 30, 2023 https://wiki.debian.org/LTS Package : modsecurity-crs Version : 3.2.3-0+deb10u3 CVE ID : CVE-2018-16384 CVE-2020-22669 CVE-2021-35368 CVE-2022-39955 CVE-2022-39956...
Fedora 35 : mod_security / mod_security_crs (2022-85a85c84b3)
The remote Fedora 35 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2022-85a85c84b3 advisory. - version update - security update Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...
Fedora 36 : mod_security / mod_security_crs (2022-90708b46e3)
The remote Fedora 36 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2022-90708b46e3 advisory. - version update - security update Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...
Fedora: Security Advisory for mod_security_crs (FEDORA-2022-1fd73a5285)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for mod_security_crs (FEDORA-2022-90708b46e3)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for mod_security (FEDORA-2022-90708b46e3)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for mod_security_crs (FEDORA-2022-85a85c84b3)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2022-39955
creationtimestamp| type| source ---|---|--- 2022-09-20 12:39:07+00:00| seen| https://t.me/cibsecurity/50128 2023-01-20 11:00:21+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/7582 2023-01-20 20:25:07+00:00| published-proof-of-concept| https://t.me/crackcodes/2342...
CVE-2022-39955 Partial rule set bypass in OWASP ModSecurity Core Rule Set by submitting a specially crafted HTTP Content-Type header
The OWASP ModSecurity Core Rule Set CRS is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes. A vulnerable back-end can potentially be exploited by declaring multiple Content-Type "charset" nam...
CVE-2022-39955
This CVE concerns the OWASP ModSecurity Core Rule Set (CRS) with a partial rule set bypass caused by a specially crafted HTTP Content-Type header that signals multiple charset encodings. A vulnerable backend could bypass CRS Content-Type charset allow lists, allowing an encoded payload to bypass ...