18 matches found
Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Log4Shell Security Lab — nginx + Coraza WAF Mục đích giáo...
CVE-2023-40586
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Due to the misuse of log.Fatalf, the application using coraza crashed after receiving crafted requests from attackers. The application will immediately crash after receiving a malicious request that triggers an...
EUVD-2025-7160
Malicious code in bioql PyPI...
EUVD-2023-1768
Malicious code in bioql PyPI...
GO-2025-3537 OWASP Coraza WAF has parser confusion which leads to wrong URI in `REQUEST_FILENAME` in github.com/corazawaf/coraza
OWASP Coraza WAF has parser confusion which leads to wrong URI in REQUESTFILENAME in github.com/corazawaf/coraza...
CVE-2025-29914
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Prior to 3.3.3, if a request is made on an URI starting with //, coraza will set a wrong value in REQUESTFILENAME. For example, if the URI //bar/uploads/foo.php?a=b is passed to coraza: , REQUESTFILENAME will be...
OWASP Coraza WAF has parser confusion which leads to wrong URI in `REQUEST_FILENAME`
Summary URLs starting with // are not parsed properly, and the request REQUESTFILENAME variable contains a wrong value, leading to potential rules bypass. Details If a request is made on an URI starting with //, coraza will set a wrong value in REQUESTFILENAME. For example, if the URI...
GHSA-Q9F5-625G-XM39 OWASP Coraza WAF has parser confusion which leads to wrong URI in `REQUEST_FILENAME`
Summary URLs starting with // are not parsed properly, and the request REQUESTFILENAME variable contains a wrong value, leading to potential rules bypass. Details If a request is made on an URI starting with //, coraza will set a wrong value in REQUESTFILENAME. For example, if the URI...
CVE-2025-29914
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Prior to 3.3.3, if a request is made on an URI starting with //, coraza will set a wrong value in REQUESTFILENAME. For example, if the URI //bar/uploads/foo.php?a=b is passed to coraza: , REQUESTFILENAME will be...
CVE-2025-29914 OWASP Coraza WAF has parser confusion which leads to wrong URI in `REQUEST_FILENAME`
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Prior to 3.3.3, if a request is made on an URI starting with //, coraza will set a wrong value in REQUESTFILENAME. For example, if the URI //bar/uploads/foo.php?a=b is passed to coraza: , REQUESTFILENAME will be...
CVE-2025-29914
OWASP Coraza WAF (Go library, modsecurity-compatible) is affected by a parser confusion that yields a wrong REQUEST_FILENAME when the URI starts with //, enabling a potential rules bypass. The issue stems from how the parser maps // URIs to filesystem paths and is fixed in Coraza 3.3.3. Connected...
CVE-2025-29914 OWASP Coraza WAF has parser confusion which leads to wrong URI in `REQUEST_FILENAME`
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Prior to 3.3.3, if a request is made on an URI starting with //, coraza will set a wrong value in REQUESTFILENAME. For example, if the URI //bar/uploads/foo.php?a=b is passed to coraza: , REQUESTFILENAME will be...
CVE-2025-29914 OWASP Coraza WAF has parser confusion which leads to wrong URI in `REQUEST_FILENAME`
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Prior to 3.3.3, if a request is made on an URI starting with //, coraza will set a wrong value in REQUESTFILENAME. For example, if the URI //bar/uploads/foo.php?a=b is passed to coraza: , REQUESTFILENAME will be...
CVE-2023-40586 go package github.com/corazawaf/coraza is vulnerable to denial of service
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Due to the misuse of log.Fatalf, the application using coraza crashed after receiving crafted requests from attackers. The application will immediately crash after receiving a malicious request that triggers an...
CVE-2023-40586 go package github.com/corazawaf/coraza is vulnerable to denial of service
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Due to the misuse of log.Fatalf, the application using coraza crashed after receiving crafted requests from attackers. The application will immediately crash after receiving a malicious request that triggers an...
CVE-2023-40586 go package github.com/corazawaf/coraza is vulnerable to denial of service
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Due to the misuse of log.Fatalf, the application using coraza crashed after receiving crafted requests from attackers. The application will immediately crash after receiving a malicious request that triggers an...
PT-2023-27522 · Owasp · Owasp Coraza Waf
Name of the Vulnerable Software and Affected Versions: OWASP Coraza WAF versions prior to 3.0.1 Description: The issue is caused by the misuse of log.Fatalf in the OWASP Coraza WAF library, which leads to the application crashing after receiving crafted requests from attackers. The application wi...
OWASP Coraza WAF - A Golang Modsecurity Compatible Web Application Firewall Library
Welcome to OWASP Coraza Web Application Firewall, OWASP Coraza is a golang enterprise-grade Web Application Firewall framework that supports Modsecurity's seclang language and is 100% compatible with OWASP Core Ruleset. Prerequisites Linux distribution Debian and Centos are recommended, Windows i...