18 matches found

CVE
added 2026/04/02 3:3 p.m. | 30 views

CVE-2026-33691

The CVE-2026-33691 issue affects OWASP CRS prior to versions 3.3.9 and 4.25.0, where whitespace padding in filenames bypasses the file-extension checks for dangerous extensions (.php, .phar, .jsp, .jspx) because the extension regex is not applied after normalizing whitespace. The vulnerability is...

CVSS 7.5 | AI score 5.7 | EPSS 0.00031
Exploits: 0 | References: 10 | Affected Software: 1

Cvelist
added 2026/04/02 3:3 p.m. | 19 views

CVE-2026-33691 OWASP CRS: Whitespace padding in filenames bypasses file upload extension checks

The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a bypass was identified in OWASP CRS that allows uploading files with dangerous extensions .php, .phar, .jsp, .jspx by inserting whitespace...

CVSS 6.8 | EPSS 0.00031
Exploits: 0 | References: 7

Debian
added 2026/02/22 10:3 a.m. | 5 views

[SECURITY] [DLA 4488-1] modsecurity-crs security update

Debian LTS Advisory DLA-4488-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost February 22, 2026 https://wiki.debian.org/LTS Package : modsecurity-crs Version : 3.3.4-1deb11u2 CVE ID : CVE-2023-38199 CVE-2026-21876 Debian Bug : 1041109 1125084 Multiple issues have be...

CVSS 9.8 | AI score 7.3 | EPSS 0.03984
Exploits: 4

OSV
added 2026/01/16 11:59 a.m. | 2 views

OESA-2026-1105 mod_security_crs security update

The base rules are provided for modsecurity by this package. Security Fixes: The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart...

CVSS 9.3 | AI score 6.8 | EPSS 0.03984
Exploits: 4 | References: 2

OSV
added 2026/01/16 11:59 a.m. | 1 views

OESA-2026-1104 mod_security_crs security update

The base rules are provided for modsecurity by this package. Security Fixes: The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart...

CVSS 9.3 | AI score 6.8 | EPSS 0.03984
Exploits: 4 | References: 2

NVD
added 2026/01/08 2:15 p.m. | 5 views

CVE-2026-21876

The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart requests with multiple parts. When the first rule in a chain iterates over a...

CVSS 9.3 | EPSS 0.03984
Exploits: 4 | References: 6

Debian CVE
added 2026/01/08 1:55 p.m. | 6 views

CVE-2026-21876

The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart requests with multiple parts. When the first rule in a chain iterates over a...

CVSS 9.3 | AI score 5.6 | EPSS 0.03984
Exploits: 4

Vulnrichment
added 2026/01/08 1:55 p.m. | 6 views

CVE-2026-21876 OWASP CRS has multipart bypass using multiple content-type parts

The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart requests with multiple parts. When the first rule in a chain iterates over a...

CVSS 9.3 | AI score 6.5 | EPSS 0.03984
Exploits: 4 | References: 5

Tenable Nessus
added 2025/08/22 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2018-16384

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A SQL injection bypass aka PL1 bypass exists in OWASP ModSecurity Core Rule Set owasp-modsecurity-crs through v3.1.0-rc3 via ab where a is a special function na...

CVSS 7.5 | AI score 7.1 | EPSS 0.0026
Exploits: 1 | References: 2

OpenVAS
added 2025/08/11 12:0 a.m. | 2 views

Debian: Security Advisory (DLA-4265-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 7.5 | EPSS 0.00903
Exploits: 1 | References: 2

OSV
added 2022/09/02 6:15 p.m. | 1 views

DEBIAN-CVE-2020-22669

Modsecurity owasp-modsecurity-crs 3.2.0 Paranoia level at PL1 has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications...

CVSS 9.8 | AI score 7.9 | EPSS 0.00261
Exploits: 1 | References: 1

CNVD
added 2016/07/24 12:0 a.m. | 1 views

SpiderLabs OWASP ModSecurity Core Rule Set Remote Code Execution Vulnerability

SpiderLabs OWASP ModSecurity is a web application firewall engine. Core Rule Set CRS is one of the core rule sets. A security vulnerability exists in the SpiderLabs OWASP ModSecurity CRS that allows remote attackers to submit a special request and execute arbitrary code...

AI score 7.5
Exploits: 0 | References: 1

seebug.org
added 2014/07/01 12:0 a.m. | 36 views

ModSecurity <= 2.5.9 (Core Rules <= 2.5-1.6.1) Filter Bypass Vuln

No description provided by source. ======================================================================== ModSecurity Core Rules HPP Filter Bypass Vulnerability ======================================================================== Affected Software : ModSecurity = 2.5.9 using ModSecurity Cor...

AI score 7.1
Exploits: 0

Tenable Nessus
added 2012/12/03 12:0 a.m. | 26 views

Fedora 17 : mod_security-2.7.1-3.fc17 / mod_security_crs-2.2.6-3.fc17 (2012-18315)

Update to 2.7.1 - Update Core rules set to 2.2.6 - Fix build against libxml2 = 2.9 upstreamed - Add some missing directives RHBZ 569360 - Fix multipart/invalid part ruleset bypass issue CVE-2012-4528 RHBZ 867424, 867773, 867774 Note that Tenable Network Security has extracted the preceding...

CVSS 5 | AI score 5.4 | EPSS 0.11456
Exploits: 1 | References: 4

0day.today
added 2009/06/11 12:0 a.m. | 36 views

ModSecurity <= 2.5.9 (Core Rules <= 2.5-1.6.1) Filter Bypass Vuln

Exploit for windows platform in category remote exploits ================================================================= ModSecurity = 2.5.9 Core Rules = 2.5-1.6.1 Filter Bypass Vuln ================================================================= Affected Software : ModSecurity = 2.5.9 using...

AI score 7.1
Exploits: 0

seebug.org
added 2009/06/11 12:0 a.m. | 37 views

ModSecurity <= 2.5.9 (Core Rules <= 2.5-1.6.1) Filter Bypass Vuln

No description provided by source. ======================================================================== ModSecurity Core Rules HPP Filter Bypass Vulnerability ======================================================================== Affected Software : ModSecurity = 2.5.9 using ModSecurity Cor...

AI score 7.1
Exploits: 0

Packet Storm
added 2009/06/11 12:0 a.m. | 38 views

ModSecurity 2.5.9 Filter Bypass

======================================================================== ModSecurity Core Rules HPP Filter Bypass Vulnerability ======================================================================== Affected Software : ModSecurity = 2.5.9 using ModSecurity Core Rules = 2.5-1.6.1 Author :...

AI score 7.4
Exploits: 0

exploitpack
added 2009/06/11 12:0 a.m. | 26 views

ModSecurity 2.5.9 (Core Rules 2.5-1.6.1) - Filter Bypass

ModSecurity 2.5.9 Core Rules 2.5-1.6.1 - Filter Bypass ======================================================================== ModSecurity Core Rules HPP Filter Bypass Vulnerability ======================================================================== Affected Software : ModSecurity = 2.5.9...

AI score 0.1
Exploits: 0