Lucene search
+L

4 matches found

SUSE CVE
SUSE CVE
added 2025/03/29 3:3 a.m.3 views

SUSE CVE-2025-29914

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Prior to 3.3.3, if a request is made on an URI starting with //, coraza will set a wrong value in REQUESTFILENAME. For example, if the URI //bar/uploads/foo.php?a=b is passed to coraza: , REQUESTFILENAME will be...

5.4CVSS6.8AI score0.00294EPSS
Exploits0References3
NVD
NVD
added 2025/03/20 6:15 p.m.11 views

CVE-2025-29914

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Prior to 3.3.3, if a request is made on an URI starting with //, coraza will set a wrong value in REQUESTFILENAME. For example, if the URI //bar/uploads/foo.php?a=b is passed to coraza: , REQUESTFILENAME will be...

5.4CVSS0.00294EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/20 5:44 p.m.19 views

CVE-2025-29914 OWASP Coraza WAF has parser confusion which leads to wrong URI in `REQUEST_FILENAME`

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Prior to 3.3.3, if a request is made on an URI starting with //, coraza will set a wrong value in REQUESTFILENAME. For example, if the URI //bar/uploads/foo.php?a=b is passed to coraza: , REQUESTFILENAME will be...

5.4CVSS5.3AI score0.00294EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/20 5:44 p.m.20 views

CVE-2025-29914 OWASP Coraza WAF has parser confusion which leads to wrong URI in `REQUEST_FILENAME`

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Prior to 3.3.3, if a request is made on an URI starting with //, coraza will set a wrong value in REQUESTFILENAME. For example, if the URI //bar/uploads/foo.php?a=b is passed to coraza: , REQUESTFILENAME will be...

5.4CVSS0.00294EPSS
Exploits0References2
Rows per page
Query Builder