CVE-2019-19886

Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive Denial of Service because of a flaw in Transaction::addRequestHeader in transaction.cc...

Code injection

Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive Denial of Service because of a flaw in Transaction::addRequestHeader in transaction.cc...

UBUNTU-CVE-2019-19886

Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive Denial of Service because of a flaw in Transaction::addRequestHeader in transaction.cc...

CVE-2019-19886

The CVE affects Trustwave ModSecurity v3 (libmodsecurity), specifically versions 3.0.0–3.0.3, where a flaw in Transaction::addRequestHeader in transaction.cc can cause denial of service when crafted requests are sent rapidly in large volumes. Reported impact is server slowdown or unavailability. ...

CVE-2019-19886

Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive Denial of Service because of a flaw in Transaction::addRequestHeader in transaction.cc...

CVE-2019-19886

Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive Denial of Service because of a flaw in Transaction::addRequestHeader in transaction.cc...

PT-2020-10284 · Trustwave · Modsecurity

Name of the Vulnerable Software and Affected Versions: Trustwave ModSecurity versions 3.0.0 through 3.0.3 Description: The issue allows an attacker to send crafted requests that may lead to the server becoming slow or unresponsive due to a flaw in Transaction::addRequestHeader in transaction.cc...

CVE-2016-10771

cPanel before 60.0.25 allows file-create and file-chmod operations during ModSecurity Audit logfile processing SEC-165...

CVE-2016-10771

cPanel before 60.0.25 allows file-create and file-chmod operations during ModSecurity Audit logfile processing SEC-165...

Design/Logic Flaw

cPanel before 60.0.25 allows file-create and file-chmod operations during ModSecurity Audit logfile processing SEC-165...

CVE-2016-10771

CVE-2016-10771 affects cPanel before 60.0.25, allowing file-create and file-chmod operations during ModSecurity Audit logfile processing (SEC-165). The issue resides in the ModSecurity audit logfile processing path, enabling unauthorized changes to filesystem state. Multiple connected sources cor...

CVE-2016-10771

cPanel before 60.0.25 allows file-create and file-chmod operations during ModSecurity Audit logfile processing SEC-165...

CVE-2016-10817

cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file SEC-123...

CVE-2016-10817

cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file SEC-123...

Sql injection

cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file SEC-123...

CVE-2016-10817

cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file SEC-123...

CVE-2016-10817

CVE-2016-10817 affects cPanel prior to version 57.9999.54, where a SQL injection is possible via the ModSecurity TailWatch log file (SEC-123). Affected software is explicitly stated as cPanel; root cause is unvalidated SQL operations exposed through TailWatch. Impact is defined as high/critical i...

JShielder v2.4 - Hardening Script For Linux Servers/ Secure LAMP-LEMP Deployer/ CIS Benchmark G

JSHielder is an Open Source Bash Script developed to help SysAdmin and developers secure there Linux Servers in which they will be deploying any web application or services. This tool automates the process of installing all the necessary packages to host a web application and Hardening a Linux...

CVE-2019-13464

An issue was discovered in OWASP ModSecurity Core Rule Set CRS 3.0.2. Use of X.Filename instead of XFilename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid...

AZL-44598 CVE-2019-13464 affecting package mod_security_crs 3.0.0-11

An issue was discovered in OWASP ModSecurity Core Rule Set CRS 3.0.2. Use of X.Filename instead of XFilename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid...