Lucene search
K

4 matches found

Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: mod_security (UTSA-2025-593903)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-593903 advisory. The OWASP ModSecurity Core Rule Set CRS is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding...

9.8CVSS7.5AI score0.00952EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/07/02 12:0 a.m.5 views

PT-2025-27643 · Unknown · Modsecurity

Name of the Vulnerable Software and Affected Versions: ModSecurity versions 2.9.8 through 2.9.10 Description: The issue occurs when an empty XML tag is encountered, causing a segmentation fault. This happens if SecParseXmlIntoArgs is set to On or OnlyArgs, the request type is application/xml, and...

6.5CVSS9.3AI score0.00346EPSS
Exploits0References16
SUSE CVE
SUSE CVE
added 2023/02/15 3:37 a.m.3 views

SUSE CVE-2021-42717

ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large e.g., 300KB HTTP request can occupy one of the limited NGINX worke...

7.5CVSS9.1AI score0.03206EPSS
Exploits2References5
OSV
OSV
added 2022/09/20 7:15 a.m.2 views

UBUNTU-CVE-2022-39956

The OWASP ModSecurity Core Rule Set CRS is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and...

9.8CVSS7.1AI score0.00952EPSS
Exploits0References4
Rows per page
Query Builder