965 matches found

NVD
added 2024/01/30 4:15 p.m. | 11 views

CVE-2024-1019

ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string...

CVSS 8.6 | AI score 8.5 | EPSS 0.00682
Exploits 0 | References 3

OSV
added 2024/01/30 4:15 p.m. | 6 views

DEBIAN-CVE-2024-1019

ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string...

CVSS 8.6 | AI score 7.8 | EPSS 0.00682
Exploits 0 | References 1

Prion
added 2024/01/30 4:15 p.m. | 19 views

Path traversal

ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string...

CVSS 5 | AI score 7 | EPSS 0.00682
Exploits 0 | References 3 | Affected Software 1

UbuntuCve
added 2024/01/30 4:15 p.m. | 45 views

CVE-2024-1019

ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string...

CVSS 8.6 | AI score 7.2 | EPSS 0.00682
Exploits 0 | References 2

OSV
added 2024/01/30 4:15 p.m. | 1 views

UBUNTU-CVE-2024-1019

ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string...

CVSS 8.6 | AI score 5.7 | EPSS 0.00682
Exploits 0 | References 3

CVE
added 2024/01/30 4:9 p.m. | 70 views

CVE-2024-1019

CVE-2024-1019 affects ModSecurity/libModSecurity versions 3.0.0 through 3.0.11. The root cause is that request URLs are percent-decoded before separating the path and query string, causing an impedance mismatch with RFC-compliant back-ends and allowing an attacker to hide a payload in the URL pat...

CVSS 8.6 | AI score 8.4 | EPSS 0.00682
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2024/01/30 4:9 p.m. | 32 views

CVE-2024-1019 WAF bypass of the ModSecurity v3 release line

ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string...

CVSS 8.6 | AI score 8.7 | EPSS 0.00682
Exploits 0 | References 3

Debian CVE
added 2024/01/30 4:9 p.m. | 31 views

CVE-2024-1019

ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string...

CVSS 8.6 | AI score 8.5 | EPSS 0.00682
Exploits 0

CNNVD
added 2024/01/30 12:0 a.m. | 8 views

ModSecurity Security Vulnerabilities

ModSecurity is an intrusion detection and blocking engine that can be run as a module of the Apache Web Server or as a standalone application to enhance the security of Web applications and protect them from known and unknown attacks. A security vulnerability exists in ModSecurity libModSecurity...

CVSS 8.6 | AI score 6.7 | EPSS 0.00682
Exploits 0 | References 4

Positive Technologies
added 2024/01/30 12:0 a.m. | 2 views

PT-2024-1513 · Unknown +2 · Libmodsecurity +3

Name of the Vulnerable Software and Affected Versions: ModSecurity / libModSecurity versions 3.0.0 through 3.0.11 Description: The issue is related to a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in...

CVSS 8.6 | AI score 8.2 | EPSS 0.00682
Exploits 0 | References 37

BDU FSTEC
added 2023/11/09 12:0 a.m. | 3 views

The vulnerability of the WAF engine for Apache ModSecurity, related to security configuration errors, allows attackers to bypass existing network firewall rules.

The vulnerability of the WAF engine for Apache ModSecurity is related to security configuration errors. Exploiting this vulnerability can allow a malicious actor to bypass existing network firewall rules...

CVSS 9.4 | AI score 6.8 | EPSS 0.00906
Exploits 0 | References 7 | Affected Software 6

Tenable Nessus
added 2023/09/27 12:0 a.m. | 33 views

openSUSE 15 Security Update : modsecurity (openSUSE-SU-2023:0269-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0269-1 advisory. - DISPUTED Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request. NOTE: The discoverer reports Trustwave has...

CVSS 7.5 | AI score 6.7 | EPSS 0.03206
Exploits 4 | References 11

Tenable Nessus
added 2023/09/26 12:0 a.m. | 29 views

openSUSE 15 Security Update : modsecurity (openSUSE-SU-2023:0257-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0257-1 advisory. - DISPUTED Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request. NOTE: The discoverer reports Trustwave has...

CVSS 7.5 | AI score 6.7 | EPSS 0.03206
Exploits 4 | References 11

OPENSUSE Linux
added 2023/09/26 12:0 a.m. | 8 views

Security update for modsecurity (moderate)

openSUSE Security Update: Security update for modsecurity Announcement ID: openSUSE-SU-2023:0269-1 Rating: moderate References: 1210993 1213702 Cross-References: CVE-2020-15598 CVE-2021-42717 CVE-2023-28882 CVE-2023-38285 CVSS scores: CVE-2020-15598 NVD : 7.5...

CVSS 7.5 | AI score 7.1 | EPSS 0.03206
Exploits 4 | References 2

OSV
added 2023/09/25 10:1 p.m. | 5 views

OPENSUSE-SU-2023:0269-1 Security update for modsecurity

This update for modsecurity fixes the following issues: Update to version 3.0.10: Security impacting issue fix boo1213702, CVE-2023-38285 - Fix: worst-case time in implementation of four transformations - Additional information on this issue is available at...

CVSS 7.5 | AI score 7.7 | EPSS 0.03206
Exploits 4 | References 7

OSV
added 2023/09/25 12:2 p.m. | 8 views

OPENSUSE-SU-2023:0257-1 Security update for modsecurity

This update for modsecurity fixes the following issues: Update to version 3.0.10: Security impacting issue fix boo1213702, CVE-2023-38285 - Fix: worst-case time in implementation of four transformations - Additional information on this issue is available at...

CVSS 7.5 | AI score 7.7 | EPSS 0.03206
Exploits 4 | References 7

Veracode
added 2023/09/18 2:0 p.m. | 30 views

WAF Bypass

Modsecurity is vulnerable to WAF bypass attack. This issue is due to HTTP multipart requests being incorrectly parsed. The attacker could obtain unauthorized resource by exploiting this vulnerability...

CVSS 7.5 | AI score 6.9 | EPSS 0.01169
Exploits 0 | References 11 | Affected Software 1

OpenVAS
added 2023/09/15 12:0 a.m. | 25 views

Ubuntu: Security Advisory (USN-6370-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.8 | EPSS 0.03206
Exploits 2 | References 2

Ubuntu
added 2023/09/14 2:6 p.m. | 105 views

USN-6370-1: ModSecurity vulnerabilities

It was discovered that ModSecurity incorrectly handled certain nested JSON objects. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2021-42717 It was discovered that ModSecurity incorrect...

CVSS 7.5 | AI score 7 | EPSS 0.03206
Exploits 2

OSV
added 2023/09/14 2:6 p.m. | 6 views

USN-6370-1 modsecurity-apache vulnerabilities

It was discovered that ModSecurity incorrectly handled certain nested JSON objects. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2021-42717 It was discovered that ModSecurity incorrect...

CVSS 7.5 | AI score 7 | EPSS 0.03206
Exploits 2 | References 4