8 matches found
Debian: Security Advisory (DLA-4488-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-38199
coreruleset aka OWASP ModSecurity Core Rule Set through 3.3.4 does not detect multiple Content-Type request headers on some platforms. This might allow attackers to bypass a WAF with a crafted payload, aka "Content-Type confusion" between the WAF and the backend application. This occurs when the...
Linux Distros Unpatched Vulnerability : CVE-2023-38199
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - coreruleset aka OWASP ModSecurity Core Rule Set through 3.3.4 does not detect multiple Content-Type request headers on some platforms. This might allow attacker...
CVE-2023-38199
creationtimestamp| type| source ---|---|--- 2023-07-13 07:45:14+00:00| seen| https://t.me/cibsecurity/66617 2026-02-22 16:09:51+00:00| seen| https://bsky.app/profile/ferramentaslinux.bsky.social/post/3mfhjl3rkrk2o...
CVE-2023-38199
coreruleset aka OWASP ModSecurity Core Rule Set through 3.3.4 does not detect multiple Content-Type request headers on some platforms. This might allow attackers to bypass a WAF with a crafted payload, aka "Content-Type confusion" between the WAF and the backend application. This occurs when the...
UBUNTU-CVE-2023-38199
coreruleset aka OWASP ModSecurity Core Rule Set through 3.3.4 does not detect multiple Content-Type request headers on some platforms. This might allow attackers to bypass a WAF with a crafted payload, aka "Content-Type confusion" between the WAF and the backend application. This occurs when the...
CVE-2023-38199
coreruleset aka OWASP ModSecurity Core Rule Set through 3.3.4 does not detect multiple Content-Type request headers on some platforms. This might allow attackers to bypass a WAF with a crafted payload, aka "Content-Type confusion" between the WAF and the backend application. This occurs when the...
CVE-2023-38199
The CVE-2023-38199 entry concerns coreruleset (OWASP ModSecurity Core Rule Set) up to version 3.3.4. The issue is that some platforms do not detect multiple Content-Type request headers, which can cause a WAF to be bypassed when an application relies on the last Content-Type header. This is a hea...