965 matches found
CVE-2022-48279
In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity C language codebase...
CVE-2023-24021
Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection...
ModSecurity security vulnerability
ModSecurity is an intrusion detection and blocking engine that can be run as a module of the Apache Web Server or as a standalone application to enhance the security of Web applications and protect them from known and unknown attacks. A security vulnerability exists in ModSecurity versions prior ...
CVE-2023-24021
CVE-2023-24021 affects ModSecurity’s handling of file uploads via the FILES_TMP_CONTENT collection, due to incorrect handling of '\0' bytes. The vulnerability can enable Web Application Firewall bypasses and buffer over-reads on the WAF when rules read FILES_TMP_CONTENT. Affected product: ModSecu...
PT-2023-6757 · Apache +4 · Apache +4
Name of the Vulnerable Software and Affected Versions: ModSecurity versions prior to 2.9.7 Description: The issue is related to errors in security settings of the WAF engine for Apache ModSecurity. It may allow a remote attacker to bypass existing firewall rules. The problem also involves incorre...
ModSecurity security vulnerability
ModSecurity is an intrusion detection and blocking engine that can be run as a module of the Apache Web Server or as a standalone application to enhance Web application security and protect Web applications from known and unknown attacks. A security vulnerability exists in ModSecurity versions...
PT-2023-9179 · Unknown +6 · Modsecurity +6
Name of the Vulnerable Software and Affected Versions: ModSecurity versions prior to 2.9.6 ModSecurity versions 3.x prior to 3.0.8 Description: The issue is related to the incorrect parsing of HTTP multipart requests, which could allow an attacker to bypass the Web Application Firewall. This is d...
CVE-2022-48279
CVE-2022-48279 affects ModSecurity; HTTP multipart requests could bypass the Web Application Firewall in versions before 2.9.6 and in 3.x before 3.0.8. Connected sources show patched releases (2.9.6+, 3.0.8+) and downstream updates (Debian, Fedora, Amazon Linux, etc.). No exploit details are prov...
Fedora 35 : mod_security / mod_security_crs (2022-85a85c84b3)
The remote Fedora 35 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2022-85a85c84b3 advisory. - version update - security update Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...
Fedora 36 : mod_security / mod_security_crs (2022-90708b46e3)
The remote Fedora 36 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2022-90708b46e3 advisory. - version update - security update Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...
Fedora 36 : libmodsecurity (2022-afa1e7b6c4)
The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-afa1e7b6c4 advisory. Update to maintenance release 3.0.8 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has no...
Exploit for Uncontrolled Recursion in Owasp Modsecurity
Detection-and-Mitigation-script-for-CVE-2021-42717 Detection a...
Fedora: Security Advisory for libmodsecurity (FEDORA-2022-90453044f3)
The remote host is missing an update for the...
[SECURITY] Fedora 37 Update: libmodsecurity-3.0.8-1.fc37
Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. In general, it provides the capability to load/interpret rules written in the ModSecurity...
[SECURITY] Fedora 37 Update: mod_security-2.9.6-1.fc37
ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding web applications from attacks...
Fedora: Security Advisory for libmodsecurity (FEDORA-2022-afa1e7b6c4)
The remote host is missing an update for the...