
965 matches found

CNNVD
added 2022/09/02 12:0 a.m. · 3 views

ModSecurity SQL Injection Vulnerability

ModSecurity is an intrusion detection and blocking engine that can be run as a module of the Apache web server or as a standalone application to enhance the security of web applications and protect them from known and unknown attacks. A SQL injection vulnerability exists in ModSecurity...

CVSS 9.8 · AI score 7.6 · EPSS 0.00992
Exploits 1 · References 4
Cvelist
added 2022/09/02 12:0 a.m. · 35 views

CVE-2020-22669

Modsecurity owasp-modsecurity-crs 3.2.0 Paranoia level at PL1 has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications...

AI score 9.8 · EPSS 0.00992
Exploits 1 · References 3
CVE
added 2022/09/02 12:0 a.m. · 68 views

CVE-2020-22669

CVE-2020-22669 affects the OWASP ModSecurity CRS; a SQL injection bypass exists in ModSecurity CRS versions including 3.2.0 PL1. Reports describe bypass via SQL syntax comments/variable assignments that defeat CRS protections. Debian and Mageia advisories indicate remediation by upgrading CRS to ...

CVSS 9.8 · AI score 9.6 · EPSS 0.00992
Exploits 1 · References 4 · Affected Software 1
Positive Technologies
added 2022/09/02 12:0 a.m. · 2 views

PT-2022-8647 · Unknown +1 · Modsecurity +2

Name of the Vulnerable Software and Affected Versions: Modsecurity owasp-modsecurity-crs version 3.2.0 Description: The issue allows attackers to bypass Modsecurity WAF protection using comment characters and variable assignments in SQL syntax, enabling them to implement SQL injection attacks on...

CVSS 9.8 · AI score 7.9 · EPSS 0.02542
Exploits 4 · References 42
Debian CVE
added 2022/09/02 12:0 a.m. · 32 views

CVE-2020-22669

Modsecurity owasp-modsecurity-crs 3.2.0 Paranoia level at PL1 has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications...

CVSS 9.8 · AI score 8 · EPSS 0.00992
Exploits 1
OpenVAS
added 2022/06/01 12:0 a.m. · 20 views

Debian: Security Advisory (DLA-3031-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 7.7 · EPSS 0.03206
Exploits 2 · References 3
Tenable Nessus
added 2022/05/29 12:0 a.m. · 31 views

Debian DLA-3031-1 : modsecurity-apache - LTS security update

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-3031 advisory. - ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being...

CVSS 7.5 · AI score 7.7 · EPSS 0.03206
Exploits 2 · References 4
Debian
added 2022/05/28 7:43 a.m. · 28 views

[SECURITY] [DLA 3031-1] modsecurity-apache security update

Debian LTS Advisory DLA-3031-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb May 28, 2022 https://wiki.debian.org/LTS ...

CVSS 7.5 · AI score 7.4 · EPSS 0.03206
Exploits 2
OSV
added 2022/05/28 12:0 a.m. · 33 views

DLA-3031-1 modsecurity-apache - security update

Bulletin has no description...

CVSS 7.5 · AI score 7.5 · EPSS 0.03206
Exploits 2
Kitploit
added 2022/04/17 12:30 p.m. · 314 views

OWASP Coraza WAF - A Golang Modsecurity Compatible Web Application Firewall Library

Welcome to OWASP Coraza Web Application Firewall, OWASP Coraza is a golang enterprise-grade Web Application Firewall framework that supports Modsecurity's seclang language and is 100% compatible with OWASP Core Ruleset. Prerequisites Linux distribution Debian and Centos are recommended, Windows i...

AI score 7.4
Exploits 0 · References 9
OpenVAS
added 2022/01/28 12:0 a.m. · 20 views

Mageia: Security Advisory (MGASA-2013-0179)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5 · AI score 6.9 · EPSS 0.13719
Exploits 4 · References 4
BDU FSTEC
added 2022/01/12 12:0 a.m. · 5 views

The vulnerability of the Apache module for web application security enhancement, modsecurity-apache, related to errors in processing JSON objects, allows attackers to cause service failures.

The vulnerability of the Apache module for enhancing web application security, modsecurity-apache, is related to errors in processing JSON objects. Exploiting this vulnerability can allow a malicious actor to perform a denial-of-service attack...

CVSS 7.8 · AI score 7.3 · EPSS 0.03206
Exploits 2 · References 4 · Affected Software 2
OSV
added 2021/12/21 11:27 p.m. · 11 views

MGASA-2021-0576 Updated apache-mod_security packages fix security vulnerability

Updated apache-modsecurity packages fix security vulnerability: ModSecurity mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP...

CVSS 7.5 · AI score 7.5 · EPSS 0.03206
Exploits 2 · References 2
Mageia
added 2021/12/21 11:27 p.m. · 48 views

Updated apache-mod_security packages fix security vulnerability

Updated apache-modsecurity packages fix security vulnerability: ModSecurity mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP...

CVSS 7.5 · AI score 0.5 · EPSS 0.03206
Exploits 2 · References 1
OpenVAS
added 2021/12/20 12:0 a.m. · 19 views

Debian: Security Advisory (DSA-5023-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 7.7 · EPSS 0.03206
Exploits 2 · References 4
Tenable Nessus
added 2021/12/19 12:0 a.m. · 33 views

Debian DSA-5023-1 : modsecurity-apache - security update

The remote Debian 10 / 11 host has a package installed that is affected by a vulnerability as referenced in the dsa-5023 advisory. It was discovered that modsecurity-apache, an Apache module to tighten the Web application security, does not properly handle excessively nested JSON objects, which...

CVSS 7.5 · AI score 7.5 · EPSS 0.03206
Exploits 2 · References 6
Debian
added 2021/12/18 1:15 p.m. · 35 views

[SECURITY] [DSA 5023-1] modsecurity-apache security update

Debian Security Advisory DSA-5023-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 18, 2021 https://www.debian.org/security/faq ...

CVSS 7.5 · AI score 7.5 · EPSS 0.03206
Exploits 2
OSV
added 2021/12/18 12:0 a.m. · 25 views

DSA-5023-1 modsecurity-apache - security update

Bulletin has no description...

CVSS 7.5 · AI score 7.5 · EPSS 0.03206
Exploits 2
OSV
added 2021/12/17 11:3 a.m. · 3 views

OESA-2021-1464 mod_security security update

This software is also called Modsec, it is an open-source web application firewall. It is designed for Apache HTTP Server. ModSecurity is commonly deployed to provide protections against generic classes of vulnerabilities. The install of this package is easy and you can read the README.TXT for more...

CVSS 7.5 · AI score 6.8 · EPSS 0.03206
Exploits 2 · References 2
NVD
added 2021/12/07 10:15 p.m. · 24 views

CVE-2021-42717

ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy one of the limited NGINX worke...

CVSS 7.5 · EPSS 0.03206
Exploits 2 · References 4