965 matches found
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 ESM : ModSecurity vulnerabilities (USN-6370-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6370-1 advisory. It was discovered that ModSecurity incorrectly handled certain nested JSON objects. An attacker could possibly use th...
CVE-2023-40586
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Due to the misuse of log.Fatalf, the application using coraza crashed after receiving crafted requests from attackers. The application will immediately crash after receiving a malicious request that triggers an...
Design/Logic Flaw
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Due to the misuse of log.Fatalf, the application using coraza crashed after receiving crafted requests from attackers. The application will immediately crash after receiving a malicious request that triggers an...
CVE-2023-40586 go package github.com/corazawaf/coraza is vulnerable to denial of service
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Due to the misuse of log.Fatalf, the application using coraza crashed after receiving crafted requests from attackers. The application will immediately crash after receiving a malicious request that triggers an...
CVE-2023-40586 go package github.com/corazawaf/coraza is vulnerable to denial of service
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Due to the misuse of log.Fatalf, the application using coraza crashed after receiving crafted requests from attackers. The application will immediately crash after receiving a malicious request that triggers an...
CVE-2023-40586
CVE-2023-40586 affects OWASP Coraza WAF (Go) where misuse of log.Fatalf in the multipart body processing leads to immediate crash when a crafted request triggers an error in mime.ParseMediaType. Patch is available in version 3.0.1; remediation is to upgrade to 3.0.1+ (or apply fix). The Red Hat/V...
CVE-2023-40586 go package github.com/corazawaf/coraza is vulnerable to denial of service
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Due to the misuse of log.Fatalf, the application using coraza crashed after receiving crafted requests from attackers. The application will immediately crash after receiving a malicious request that triggers an...
modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass
A vulnerability was found in ModSecurity. This issue occurs when FILES_TMP_CONTENT lacks complete content, which can lead to a Web Application Firewall bypass...
mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass
A vulnerability was found in ModSecurity. This issue occurs when HTTP multipart requests are incorrectly parsed and could bypass the Web Application Firewall. NOTE: This is related to CVE-2022-39956, but can be considered independent changes to the ModSecurity C language codebase...
modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass
A vulnerability was found in ModSecurity. This issue occurs when FILES_TMP_CONTENT lacks complete content, which can lead to a Web Application Firewall bypass...
mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass
A vulnerability was found in ModSecurity. This issue occurs when HTTP multipart requests are incorrectly parsed and could bypass the Web Application Firewall. NOTE: This is related to CVE-2022-39956, but can be considered independent changes to the ModSecurity C language codebase...
Type Confusion
modsecurity-crs is vulnerable to Type Confusion. coreruleset does not block multiple Content-Type headers, which allows an attacker to bypass a WAF with a crafted payload, which occurs when the web application relies on only the last Content-Type header...
CVE-2023-38285
A vulnerability was found in Trustwave's ModSecurity project due to an inefficient algorithmic complexity flaw. This issue is present in four transformation actions: removeWhitespace, removeNull, replaceNull, and removeCommentsChar. By sending a maliciously crafted HTTP request, an attacker could...
SUSE CVE-2023-38285
Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity...
CVE-2023-38285
Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity...
CVE-2023-38285
Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity...
CVE-2023-38285 vulnerabilities
Vulnerabilities for packages: modsecurity...
CVE-2023-38285 vulnerabilities
Vulnerabilities for packages: modsecurity...
CVE-2023-38285
Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity...
DEBIAN-CVE-2023-38285
Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity...