
965 matches found

Exploit DB
added 2009/03/19 12:0 a.m., 39 views

ModSecurity < 2.5.9 - Remote Denial of Service

============================================= INTERNET SECURITY AUDITORS ALERT 2009-001 - Original release date: February 25th, 2009 - Last revised: March 19th, 2009 - Discovered by: Juan Galiana Lara - Severity: 7.8/10 CVSS Base Scored ============================================= I. VULNERABILI...

AI score: 7.4
Exploits: 0

seebug.org
added 2009/03/14 12:0 a.m., 25 views

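ModSecurity Multiple Denial of Service Vulnerabilities

BUGTRAQ ID: 34096 modsecurity is a web application firewall that is often used together with PHP. If PDF cross-site scripting protection is enabled, a non-GET request submitted to a PDF file causes the httpd process to crash; in addition, if modsecurity parses multipart content in which a part header name is missing, Apache may crash. Breach Security modsecurity 2.5.8 Breach Security modsecurity 2.5.6 Breach Security modsecurity 2.5.5 Vendor patch: Breach Security ---------------...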

AI score: 6.9
Exploits: 0

Fedora
added 2009/03/13 6:44 p.m., 11 views

[SECURITY] Fedora 10 Update: mod_security-2.5.9-1.fc10

ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding web applications from attacks...

AI score: 3.1
Exploits: 0

Tenable Nessus
added 2009/03/12 12:0 a.m., 9 views

ModSecurity Detection

Binary data 4956.prm...

AI score: 7.3
Exploits: 0; References: 1

OpenVAS
added 2008/12/31 12:0 a.m., 17 views

ModSecurity 'SecCacheTransformations' Security Bypass Vulnerability

ModSecurity is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 5; AI score: 6.5; EPSS: 0.01472
Exploits: 0; References: 3

OpenVAS
added 2008/12/31 12:0 a.m., 24 views

ModSecurity 'SecCacheTransformations' Security Bypass Vulnerability

This host is running ModSecurity and is prone to Security Bypass vulnerability. OpenVAS Vulnerability Test $Id: secpodmodsecuritysecbypassvuln.nasl 4522 2016-11-15 14:52:19Z teissa $ ModSecurity 'SecCacheTransformations' Security Bypass Vulnerability Authors: Sujit Ghosal Copyright: Copyright c...

CVSS: 5; AI score: 6.5; EPSS: 0.01472
Exploits: 0; References: 2

NVD
added 2008/12/19 1:52 a.m., 15 views

CVE-2008-5676

Multiple unspecified vulnerabilities in the ModSecurity aka modsecurity module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service daemon crash or bypass the product's functionality via unknown vectors relate...

CVSS: 5; AI score: 6.9; EPSS: 0.01472
Exploits: 0; References: 5

UbuntuCve
added 2008/12/19 1:52 a.m., 34 views

CVE-2008-5676

Multiple unspecified vulnerabilities in the ModSecurity aka modsecurity module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service daemon crash or bypass the product's functionality via unknown vectors relate...

CVSS: 5; AI score: 6; EPSS: 0.01472
Exploits: 0; References: 1

Prion
added 2008/12/19 1:52 a.m., 15 views

Code injection

Multiple unspecified vulnerabilities in the ModSecurity aka modsecurity module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service daemon crash or bypass the product's functionality via unknown vectors relate...

CVSS: 5; AI score: 7.5; EPSS: 0.01472
Exploits: 0; References: 5; Affected Software: 1

CVE
added 2008/12/18 10:0 p.m., 68 views

CVE-2008-5676

ModSecurity (mod_security) for the Apache HTTP Server is affected by CVE-2008-5676. The issue affects ModSecurity versions 2.5.0 through 2.5.5 when SecCacheTransformations is enabled, allowing remote attackers to cause a denial of service (daemon crash) or bypass the product’s functionality via u...

CVSS: 5; AI score: 6.9; EPSS: 0.01472
Exploits: 0; References: 5; Affected Software: 1

Cvelist
added 2008/12/18 10:0 p.m., 23 views

CVE-2008-5676

Multiple unspecified vulnerabilities in the ModSecurity aka modsecurity module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service daemon crash or bypass the product's functionality via unknown vectors relate...

AI score: 6.9; EPSS: 0.01472
Exploits: 0; References: 5

UbuntuCve
added 2007/03/08 10:19 p.m., 22 views

CVE-2007-1359

Interpretation conflict in ModSecurity modsecurity 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ 0x00 byte, which modsecurity treats as a terminator even though it is still processed as normal data by some...

CVSS: 6.8; AI score: 6; EPSS: 0.06616
Exploits: 1; References: 2

Prion
added 2007/03/08 10:19 p.m., 15 views

Design/Logic Flaw

Interpretation conflict in ModSecurity modsecurity 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ 0x00 byte, which modsecurity treats as a terminator even though it is still processed as normal data by some...

CVSS: 6.8; AI score: 6.9; EPSS: 0.06616
Exploits: 1; References: 15; Affected Software: 1

NVD
added 2007/03/08 10:19 p.m., 15 views

CVE-2007-1359

Interpretation conflict in ModSecurity modsecurity 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ 0x00 byte, which modsecurity treats as a terminator even though it is still processed as normal data by some...

CVSS: 6.8; AI score: 6.7; EPSS: 0.06616
Exploits: 1; References: 15

Cvelist
added 2007/03/08 5:0 p.m., 21 views

CVE-2007-1359

Interpretation conflict in ModSecurity modsecurity 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ 0x00 byte, which modsecurity treats as a terminator even though it is still processed as normal data by some...

AI score: 9.5; EPSS: 0.06616
Exploits: 1; References: 15

CVE
added 2007/03/08 5:0 p.m., 78 views

CVE-2007-1359

ModSecurity (mod_security)

CVSS: 6.8; AI score: 9.4; EPSS: 0.06616
Exploits: 1; References: 15; Affected Software: 1

OpenVAS
added 2005/11/03 12:0 a.m., 57 views

Anti-Scanner Defenses (HTTP)

It seems that the remote web server rejects HTTP requests from the Scanner. It is probably protected by a reverse proxy, WAF or IDS/IPS. SPDX-FileCopyrightText: 2005 Michel Arboi SPDX-FileCopyrightText: New / improved detection code since 2018 Greenbone AG Some text descriptions might be excerpte...

AI score: 7.1
Exploits: 0

securityvulns
added 2005/06/03 12:0 a.m., 52 views

[Full-disclosure] CastleCops phpBB bbcode Input Validation Disclosure

CASTLECOPS.COM SUMMARY bbcode input validation Severity: High CastleCops: http://castlecops.com/t123194-.html CVE: CAN-2005-1193 phpBB Security ID: 266 Bugtraq ID: 13545 Secunia : 15298 US-CERT VU: 113196 SecurityTracker : 1013918 Vulnerable: viewtopic.php, privmsg.php for phpBB 2.0.14 possible a...

CVSS: 7.5; AI score: 6.5; EPSS: 0.1636
Exploits: 0

CVE
added 2005/03/10 5:0 a.m., 42 views

CVE-2004-1765

CVE-2004-1765 describes an off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x when SecFilterScanPost is enabled, allowing remote attackers to execute arbitrary code via crafted POST requests. The OpenVAS and Nessus/OpenVAS-derived feeds corroborate a remote overflow con...

CVSS: 7.5; AI score: 8.1; EPSS: 0.0467
Exploits: 0; References: 7; Affected Software: 1

Cvelist
added 2005/03/10 5:0 a.m., 17 views

CVE-2004-1765

Off-by-one buffer overflow in ModSecurity modsecurity 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests...

AI score: 8.1; EPSS: 0.0467
Exploits: 0; References: 7