Lucene search
K

14 matches found

Tenable Nessus
Tenable Nessus
added 2015/01/19 12:0 a.m.41 views

Oracle Solaris Third-Party Patch Update : modsecurity (cve_2012_2751_improper_input)

The remote Solaris system is missing necessary patches to address security updates : - ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data...

7.5CVSS5.3AI score0.04208EPSS
Exploits3References5
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.44 views

openSUSE Security Update : apache2-mod_security2 (openSUSE-SU-2013:1331-1)

complete overhaul of this package, with update to 2.7.5. - ruleset update to 2.2.8-0-g0f07cbb. - new configuration framework private to modsecurity2: /etc/apache2/conf.d/modsecurity2.conf loads /usr/share/apache2-modsecurity2/rules/modsecuritycrs1 0setup.conf, then...

7.5CVSS6.2AI score0.13719EPSS
Exploits8References10
Tenable Nessus
Tenable Nessus
added 2013/04/30 12:0 a.m.44 views

Mandriva Linux Security Advisory : apache-mod_security (MDVSA-2013:156)

A vulnerability has been found and corrected in apache-modsecurity : ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML external entity declaration in conjunction with...

7.5CVSS5.2AI score0.04208EPSS
Exploits1References1
seebug.org
seebug.org
added 2013/04/28 12:0 a.m.39 views

ModSecurity XML外部实体信息泄露漏洞(CVE-2013-1915)

Bugtraq ID:58810 CVE ID:CVE-2013-1915 ModSecurity是一个入侵侦测与防护引擎,它主要是用于Web应用程序,所以也被称为Web应用程序防火墙 ModSecurity存在安全漏洞,允许远程攻击者通过XML外部实体声明结合实体引用,可读取任意文件,发送HTTP请求到内网服务器或进行拒绝服务攻击 0 ModSecurity 2.7.3 厂商解决方案 ModSecurity 2.7.3已经修复此漏洞,建议用户下载更新: http://www.modsecurity.org/...

7.5CVSS6.3AI score0.04208EPSS
Exploits1
OSV
OSV
added 2013/04/25 11:55 p.m.7 views

CVE-2013-1915

ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity XXE vulnerability...

6.6AI score
Exploits0References23
CVE
CVE
added 2013/04/25 11:0 p.m.91 views

CVE-2013-1915

CVE-2013-1915 (ModSecurity XXE) : ModSecurity before 2.7.3 is vulnerable to an XML External Entity (XXE) attack via an XML entity declaration and a referenced entity. This can allow remote attackers to read arbitrary files, make HTTP requests to intranet servers, or trigger denial of service (CPU...

7.5CVSS6.7AI score0.04208EPSS
Exploits1References15Affected Software1
Tenable Nessus
Tenable Nessus
added 2013/04/17 12:0 a.m.26 views

FreeBSD : ModSecurity -- XML External Entity Processing Vulnerability (2070c79a-8e1e-11e2-b34d-000c2957946c)

Positive Technologies has reported a vulnerability in ModSecurity, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS Denial Of Serice. The vulnerability is caused due to an error when parsing external XML entities and can be exploited to e.g...

7.5CVSS5.3AI score0.04208EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2013/04/15 12:0 a.m.39 views

Fedora Update for mod_security FEDORA-2013-4831

Check for the Version of modsecurity OpenVAS Vulnerability Test Fedora Update for modsecurity FEDORA-2013-4831 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

7.5CVSS6.4AI score0.04208EPSS
Exploits1References2
securityvulns
securityvulns
added 2013/04/15 12:0 a.m.89 views

[SECURITY] [DSA 2659-1] libapache-mod-security security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2659-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso April 09, 2013 http://www.debian.org/security/faq -...

7.5CVSS1.8AI score0.04208EPSS
Exploits1
OpenVAS
OpenVAS
added 2013/04/15 12:0 a.m.31 views

Fedora Update for mod_security FEDORA-2013-4834

Check for the Version of modsecurity OpenVAS Vulnerability Test Fedora Update for modsecurity FEDORA-2013-4834 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

7.5CVSS6.3AI score0.12507EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2013/04/15 12:0 a.m.27 views

Fedora Update for mod_security FEDORA-2013-4831

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scripttagname:"affected",...

7.5CVSS6.5AI score0.04208EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2013/04/14 12:0 a.m.26 views

Fedora 18 : mod_security-2.7.3-1.fc18 (2013-4831)

Update to 2.7.3. Upstream changelog: https://github.com/SpiderLabs/ModSecurity/blob/master/CHANGES Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...

7.5CVSS5.3AI score0.04208EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2013/04/14 12:0 a.m.39 views

Fedora 17 : mod_security-2.7.3-1.fc17 (2013-4834)

Update to 2.7.3. Upstream changelog: https://github.com/SpiderLabs/ModSecurity/blob/master/CHANGES Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...

7.5CVSS5.3AI score0.04208EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2013/04/08 12:0 a.m.20 views

Debian: Security Advisory (DSA-2659-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.7AI score0.04208EPSS
Exploits1References3
Rows per page
Query Builder