43 matches found

Debian
added 2026/02/22 10:3 a.m., 7 views

[SECURITY] [DLA 4488-1] modsecurity-crs security update

Debian LTS Advisory DLA-4488-1, https://www.debian.org/lts/security/, Tobias Frost, February 22, 2026, https://wiki.debian.org/LTS. Package: modsecurity-crs. Version: 3.3.4-1deb11u2. CVE ID: CVE-2023-38199, CVE-2026-21876. Debian Bug: 1041109, 1125084. Multiple issues have be...

9.8 CVSS, 7.3 AI score, 0.13124 EPSS
Exploits 4
Tenable Nessus
added 2026/01/21 12:0 a.m., 4 views

Debian dsa-6105 : modsecurity-crs - security update

The remote Debian 12 / 13 host has a package installed that is affected by a vulnerability as referenced in the dsa-6105 advisory. Debian Security Advisory DSA-6105-1, https://www.debian.org/security/...

9.3 CVSS, 5.9 AI score, 0.13124 EPSS
Exploits 4, References 5
RedhatCVE
added 2026/01/09 10:9 a.m., 8 views

CVE-2019-11389

An issue was discovered in OWASP ModSecurity Core Rule Set CRS through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service ReDOS by entering a specially crafted string with next at the beginning and nested repetition operators. NOTE: the...

5.3 CVSS, 6.8 AI score, 0.01671 EPSS
Exploits 1, References 1
Tenable Nessus
added 2025/08/22 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2018-16384

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A SQL injection bypass aka PL1 bypass exists in OWASP ModSecurity Core Rule Set owasp-modsecurity-crs through v3.1.0-rc3 via ab where a is a special function na...

7.5 CVSS, 7.1 AI score, 0.01672 EPSS
Exploits 1, References 2
Tenable Nessus
added 2025/08/22 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2021-35368

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname...

9.8 CVSS, 7.1 AI score, 0.02542 EPSS
Exploits 1, References 2
OpenVAS
added 2025/08/11 12:0 a.m., 3 views

Debian: Security Advisory (DLA-4265-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS, 7.5 AI score, 0.01085 EPSS
Exploits 1, References 2
RedhatCVE
added 2025/05/23 4:6 a.m., 7 views

CVE-2023-38199

coreruleset aka OWASP ModSecurity Core Rule Set through 3.3.4 does not detect multiple Content-Type request headers on some platforms. This might allow attackers to bypass a WAF with a crafted payload, aka "Content-Type confusion" between the WAF and the backend application. This occurs when the...

9.8 CVSS, 6.8 AI score, 0.00631 EPSS
Exploits 0
RedhatCVE
added 2025/05/22 10:12 a.m., 8 views

CVE-2019-11387

An issue was discovered in OWASP ModSecurity Core Rule Set CRS through 3.1.0. /rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf allows remote attackers to cause a denial of service ReDOS by entering a specially crafted string with nested repetition operators...

5.3 CVSS, 6.8 AI score, 0.02375 EPSS
Exploits 0, References 1
Tenable Nessus
added 2025/03/05 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2022-39955

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OWASP ModSecurity Core Rule Set CRS is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates...

9.8 CVSS, 7.1 AI score, 0.01085 EPSS
Exploits 0, References 3
Tenable Nessus
added 2025/03/05 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2022-39956

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OWASP ModSecurity Core Rule Set CRS is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character...

9.8 CVSS, 7.1 AI score, 0.00926 EPSS
Exploits 0, References 3
Tenable Nessus
added 2025/03/05 12:0 a.m., 8 views

Linux Distros Unpatched Vulnerability : CVE-2022-39958

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly...

7.5 CVSS, 7.1 AI score, 0.00927 EPSS
Exploits 0, References 3
Tenable Nessus
added 2024/06/03 12:0 a.m., 33 views

RHEL 8 : mod_security_crs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - modsecuritycrs: Content-Type or Content-Transfer-Encoding MIME header fields abuse CVE-2022-39956 - The...

9.8 CVSS, 7.2 AI score, 0.01085 EPSS
Exploits 0, References 4
Tenable Nessus
added 2024/05/11 12:0 a.m., 26 views

RHEL 7 : mod_security_crs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - modsecuritycrs: Content-Type or Content-Transfer-Encoding MIME header fields abuse CVE-2022-39956 - The...

9 AI score, 0.01085 EPSS
Exploits 0, References 4
OpenVAS
added 2024/03/19 12:0 a.m., 30 views

Mageia: Security Advisory (MGASA-2024-0070)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS, 8.8 AI score, 0.02542 EPSS
Exploits 3, References 8
CNNVD
added 2023/07/13 12:0 a.m., 5 views

OWASP ModSecurity Core Rule Set security vulnerability

The OWASP ModSecurity Core Rule Set CRS is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. A security vulnerability exists in OWASP ModSecurity Core Rule Set 3.3.4 and earlier versions that stems from not blocking multiple Content-Type...

9.8 CVSS, 8.2 AI score, 0.00631 EPSS
Exploits 0, References 3
Gentoo Linux
added 2023/05/21 12:0 a.m., 37 views

OWASP ModSecurity Core Rule Set: Multiple Vulnerabilities

Background: Modsecurity Core Rule Set is the OWASP ModSecurity Core Rule Set. Description: Multiple vulnerabilities have been discovered in OWASP ModSecurity Core Rule Set. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for detail...

9.8 CVSS, 7.4 AI score, 0.02542 EPSS
Exploits 1
Veracode
added 2023/03/11 3:37 a.m., 28 views

SQL Injection

modsecurity-crs:buster is vulnerable to SQL Injection attacks. An SQL injection bypass exists in OWASP ModSecurity Core Rule Set via ab where a is a special function name such as "if" and b is the SQL statement to be executed...

7.5 CVSS, 8.5 AI score, 0.01672 EPSS
Exploits 1, References 3, Affected Software 1
SUSE CVE
added 2023/02/15 4:12 a.m., 6 views

SUSE CVE-2019-11389

An issue was discovered in OWASP ModSecurity Core Rule Set CRS through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service ReDOS by entering a specially crafted string with next at the beginning and nested repetition operators. NOTE: the...

5.3 CVSS, 5.6 AI score, 0.01671 EPSS
Exploits 1, References 3
SUSE CVE
added 2023/02/15 4:12 a.m., 3 views

SUSE CVE-2019-11390

An issue was discovered in OWASP ModSecurity Core Rule Set CRS through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service ReDOS by entering a specially crafted string with seterrorhandler at the beginning and nested repetition operators. NOT...

5.3 CVSS, 5.6 AI score, 0.01671 EPSS
Exploits 1, References 3
SUSE CVE
added 2023/02/15 3:40 a.m., 3 views

SUSE CVE-2021-35368

OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname...

9.8 CVSS, 7.5 AI score, 0.02542 EPSS
Exploits 1, References 3