965 matches found
Medium: mod_security
Issue Overview: In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity C language codebase. CVE-2022-48279...
OWASP ModSecurity Core Rule Set: Multiple Vulnerabilities
Background: ModSecurity Core Rule Set is the OWASP ModSecurity Core Rule Set. Description: Multiple vulnerabilities have been discovered in OWASP ModSecurity Core Rule Set. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for detail...
GLSA-202305-25 : OWASP ModSecurity Core Rule Set: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202305-25 (OWASP ModSecurity Core Rule Set: Multiple Vulnerabilities): OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname...
Wafaray - Enhance Your Malware Detection With WAF + YARA (WAFARAY)
WAFARAY is a lab deployment based on Debian 11.3.0 stable x64, made and cooked from two main ingredients, WAF + YARA, to detect malicious files (e.g. webshells, viruses, malware, binaries), typically uploaded through web file-upload functions. Purpose: In essence, the main idea came to use WAF + YARA YARA...
SUSE CVE-2023-28882
Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service worker crash and unresponsiveness because some inputs cause a segfault in the Transaction class for some configurations...
CVE-2023-28882
Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service worker crash and unresponsiveness because some inputs cause a segfault in the Transaction class for some configurations...
CVE-2023-28882 vulnerabilities
Vulnerabilities for packages: modsecurity...
CVE-2023-28882 vulnerabilities
Vulnerabilities for packages: modsecurity...
CVE-2023-28882
Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service worker crash and unresponsiveness because some inputs cause a segfault in the Transaction class for some configurations...
DEBIAN-CVE-2023-28882
Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service worker crash and unresponsiveness because some inputs cause a segfault in the Transaction class for some configurations...
CVE-2023-28882
Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service worker crash and unresponsiveness because some inputs cause a segfault in the Transaction class for some configurations...
Design/Logic Flaw
Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service worker crash and unresponsiveness because some inputs cause a segfault in the Transaction class for some configurations...
UBUNTU-CVE-2023-28882
Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service worker crash and unresponsiveness because some inputs cause a segfault in the Transaction class for some configurations...
ModSecurity Resource Management Error Vulnerability
ModSecurity is an intrusion detection and blocking engine that can be run as a module of the Apache Web Server or as a standalone application to enhance Web application security and protect Web applications from known and unknown attacks. A security vulnerability exists in Trustwave ModSecurity...
CVE-2023-28882
CVE-2023-28882 affects Trustwave ModSecurity 3.0.5–3.0.8; before 3.0.9, certain inputs can trigger a segfault in the Transaction class, causing worker crashes and server unresponsiveness (DoS) in affected configurations. The issue is mitigated by upgrading to ModSecurity 3.0.9 or applying the ven...
PT-2023-22029 · Trustwave · Modsecurity
Name of the Vulnerable Software and Affected Versions: Trustwave ModSecurity versions 3.0.5 through 3.0.8 Description: The issue allows a denial of service, causing worker crash and unresponsiveness. This occurs because some inputs cause a segfault in the Transaction class for certain...
CVE-2023-28882
Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service worker crash and unresponsiveness because some inputs cause a segfault in the Transaction class for some configurations...
CVE-2023-28882
Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service worker crash and unresponsiveness because some inputs cause a segfault in the Transaction class for some configurations...
CVE-2023-28882
Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service worker crash and unresponsiveness because some inputs cause a segfault in the Transaction class for some configurations...
Fedora 36 : mod_security (2023-8aa264d5c5)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-8aa264d5c5 advisory: new version 2.9.7; switch to PCRE2. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...