965 matches found

OSV
added 2020/10/06 2:15 p.m. · 0 views

UBUNTU-CVE-2020-15598

DISPUTED Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request. NOTE: The discoverer reports "Trustwave has signaled they are disputing our claims." The CVE suggests that there is a security issue with how ModSecurity handles regular expressions that can result in...

7.5 CVSS · 5.5 AI score · 0.03141 EPSS
Exploits 2 · References 6
Prion
added 2020/10/06 2:15 p.m. · 20 views

Default configuration

Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request. NOTE: The discoverer reports "Trustwave has signaled they are disputing our claims." The CVE suggests that there is a security issue with how ModSecurity handles regular expressions that can result in a Denial...

5 CVSS · 7.3 AI score · 0.03141 EPSS
Exploits 2 · References 5 · Affected Software 2
CVE
added 2020/10/06 1:38 p.m. · 94 views

CVE-2020-15598

CVE-2020-15598 affects Trustwave ModSecurity 3.x up to 3.0.4, where denial of service can be triggered by a request that exploits how ModSecurity handles certain regular expressions. The description notes no default configuration issue and that an attacker would need to know the presence and natu...

7.5 CVSS · 7.2 AI score · 0.03141 EPSS
Exploits 2 · References 5 · Affected Software 1
Cvelist
added 2020/10/06 1:38 p.m. · 27 views

CVE-2020-15598

Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request. NOTE: The discoverer reports "Trustwave has signaled they are disputing our claims." The CVE suggests that there is a security issue with how ModSecurity handles regular expressions that can result in a Denial...

7.2 AI score · 0.03141 EPSS
Exploits 2 · References 5
Debian CVE
added 2020/10/06 1:38 p.m. · 23 views

CVE-2020-15598

Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request. NOTE: The discoverer reports "Trustwave has signaled they are disputing our claims." The CVE suggests that there is a security issue with how ModSecurity handles regular expressions that can result in a Denial...

7.5 CVSS · 7.3 AI score · 0.03141 EPSS
Exploits 2
Tenable Nessus
added 2020/09/21 12:0 a.m. · 36 views

Debian DSA-4765-1 : modsecurity - security update

Ervin Hegedues discovered that ModSecurity v3 enabled global regular expression matching which could result in denial of service. For additional information please refer to https://coreruleset.org/20200914/cve-2020-15598/ (C) Tenable Network Security, Inc. The descriptive text and package checks in...

7.5 CVSS · 7.2 AI score · 0.03141 EPSS
Exploits 2 · References 4
OpenVAS
added 2020/09/20 12:0 a.m. · 14 views

Debian: Security Advisory (DSA-4765-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS · 7.6 AI score · 0.03141 EPSS
Exploits 2 · References 5
Debian
added 2020/09/18 5:24 p.m. · 48 views

[SECURITY] [DSA 4765-1] modsecurity security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4765-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 18, 2020 https://www.debian.org/security/faq -...

7.5 CVSS · 7.4 AI score · 0.03141 EPSS
Exploits 2
OSV
added 2020/09/18 12:0 a.m. · 19 views

DSA-4765-1 modsecurity - security update

Bulletin has no description...

7.5 CVSS · 7.4 AI score · 0.03141 EPSS
Exploits 2
0day.today
added 2020/09/16 12:0 a.m. · 59 views

ModSecurity 3.0.x Denial Of Service Vulnerability

ModSecurity version 3.0.x suffers from a denial of service vulnerability due to the handling of regular expression matching. ModSecurity version 3.0.x is affected by a denial of service vulnerability due to the global matching of regular expressions. The combination of a non-anchored regular...

7.5 CVSS · 7.3 AI score · 0.03141 EPSS
Exploits 2
Positive Technologies
added 2020/09/14 12:0 a.m. · 4 views

PT-2020-6759 · Trustwave · Modsecurity

Name of the Vulnerable Software and Affected Versions: Trustwave ModSecurity versions 3.x through 3.0.4 Description: The issue is related to the handling of regular expressions in Trustwave ModSecurity, which can result in a Denial of Service condition. An attacker would need to know that a rule...

7.8 CVSS · 6.9 AI score · 0.03206 EPSS
Exploits 4 · References 35
Wallarm Lab
added 2020/05/12 5:3 p.m. · 30 views

Testing ModSecurity for false positives by books texts

The main things that prevent enabling security solutions like WAF/RASP/IDS/IPS in a blocking mode are false positives. Probably the second one is their inline performance and additional latency, but still. As a cloud-native WAF vendor, we at Wallarm are actively checking our products for false...

2.9 AI score
Exploits 0
Fedora
added 2020/03/30 1:49 a.m. · 36 views

[SECURITY] Fedora 31 Update: libmodsecurity-3.0.3-6.fc31

Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. In general, it provides the capability to load/interpret rules written in the ModSecurity...

7.5 CVSS · 1.9 AI score · 0.02501 EPSS
Exploits 0
Fedora
added 2020/03/30 1:34 a.m. · 27 views

[SECURITY] Fedora 30 Update: libmodsecurity-3.0.2-6.fc30

Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. In general, it provides the capability to load/interpret rules written in the ModSecurity...

7.5 CVSS · 1.9 AI score · 0.02501 EPSS
Exploits 0
Fedora
added 2020/03/30 12:18 a.m. · 34 views

[SECURITY] Fedora 32 Update: libmodsecurity-3.0.3-6.fc32

Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. In general, it provides the capability to load/interpret rules written in the ModSecurity...

7.5 CVSS · 1.9 AI score · 0.02501 EPSS
Exploits 0
OpenVAS
added 2020/03/30 12:0 a.m. · 21 views

Fedora: Security Advisory for libmodsecurity (FEDORA-2020-1b5b3b465d)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS · 7.5 AI score · 0.02501 EPSS
Exploits 0 · References 2
OpenVAS
added 2020/03/30 12:0 a.m. · 18 views

Fedora: Security Advisory for libmodsecurity (FEDORA-2020-f7ba0ac7a4)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS · 7.5 AI score · 0.02501 EPSS
Exploits 0 · References 2
NVD
added 2020/01/21 10:15 p.m. · 14 views

CVE-2019-19886

Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeader in transaction.cc...

7.5 CVSS · 7.4 AI score · 0.02501 EPSS
Exploits 0 · References 4
OSV
added 2020/01/21 10:15 p.m. · 21 views

CVE-2019-19886

Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeader in transaction.cc...

7.5 CVSS · 6.5 AI score · 0.02501 EPSS
Exploits 0 · References 4
OSV
added 2020/01/21 10:15 p.m. · 3 views

DEBIAN-CVE-2019-19886

Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeader in transaction.cc...

7.5 CVSS · 7.3 AI score · 0.02501 EPSS
Exploits 0 · References 1