Lucene search
+L

8 matches found

openvas
openvas
added 2026/02/23 12:0 a.m.7 views

Debian: Security Advisory (DLA-4488-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS5.4AI score0.13124EPSS
Exploits4References2
redhatcve
redhatcve
added 2025/05/23 4:6 a.m.7 views

CVE-2023-38199

coreruleset aka OWASP ModSecurity Core Rule Set through 3.3.4 does not detect multiple Content-Type request headers on some platforms. This might allow attackers to bypass a WAF with a crafted payload, aka "Content-Type confusion" between the WAF and the backend application. This occurs when the...

9.8CVSS6.8AI score0.00754EPSS
Exploits0
nessus
nessus
added 2025/03/05 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2023-38199

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - coreruleset aka OWASP ModSecurity Core Rule Set through 3.3.4 does not detect multiple Content-Type request headers on some platforms. This might allow attacker...

9.8CVSS7AI score0.00754EPSS
Exploits0References2
circl
circl
added 2023/07/13 7:45 a.m.8 views

CVE-2023-38199

creationtimestamp| type| source ---|---|--- 2023-07-13 07:45:14+00:00| seen| https://t.me/cibsecurity/66617 2026-02-22 16:09:51+00:00| seen| https://bsky.app/profile/ferramentaslinux.bsky.social/post/3mfhjl3rkrk2o...

9.8CVSS8.6AI score0.00754EPSS
Exploits0References2
nvd
nvd
added 2023/07/13 3:15 a.m.10 views

CVE-2023-38199

coreruleset aka OWASP ModSecurity Core Rule Set through 3.3.4 does not detect multiple Content-Type request headers on some platforms. This might allow attackers to bypass a WAF with a crafted payload, aka "Content-Type confusion" between the WAF and the backend application. This occurs when the...

9.8CVSS0.00754EPSS
Exploits0References2
osv
osv
added 2023/07/13 3:15 a.m.3 views

UBUNTU-CVE-2023-38199

coreruleset aka OWASP ModSecurity Core Rule Set through 3.3.4 does not detect multiple Content-Type request headers on some platforms. This might allow attackers to bypass a WAF with a crafted payload, aka "Content-Type confusion" between the WAF and the backend application. This occurs when the...

9.8CVSS5.8AI score0.00754EPSS
Exploits0References4
cvelist
cvelist
added 2023/07/13 12:0 a.m.33 views

CVE-2023-38199

coreruleset aka OWASP ModSecurity Core Rule Set through 3.3.4 does not detect multiple Content-Type request headers on some platforms. This might allow attackers to bypass a WAF with a crafted payload, aka "Content-Type confusion" between the WAF and the backend application. This occurs when the...

9.6AI score0.00754EPSS
Exploits0References2
cve
cve
added 2023/07/13 12:0 a.m.50 views

CVE-2023-38199

The CVE-2023-38199 entry concerns coreruleset (OWASP ModSecurity Core Rule Set) up to version 3.3.4. The issue is that some platforms do not detect multiple Content-Type request headers, which can cause a WAF to be bypassed when an application relies on the last Content-Type header. This is a hea...

9.8CVSS9.2AI score0.00754EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder