3 matches found
CVE-2019-11388
An issue was discovered in OWASP ModSecurity Core Rule Set CRS through 3.1.0. /rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf allows remote attackers to cause a denial of service ReDOS by entering a specially crafted string with nested repetition operators. NOTE: the software maintainer disputes...
CVE-2019-11388
An issue was discovered in OWASP ModSecurity Core Rule Set CRS through 3.1.0. /rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf allows remote attackers to cause a denial of service ReDOS by entering a specially crafted string with nested repetition operators. NOTE: the software maintainer disputes...
CVE-2019-11388
Affected product: OWASP ModSecurity Core Rule Set (CRS) up to version 3.1.0. Vulnerable component: /rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf, where a specially crafted string with nested repetition operators can cause a denial of service (ReDOS). Underlying cause: nested repetition operators...