Debian: Security Advisory (DLA-4488-1)
The remote host is missing a Debian security update (DLA-4488-1)...
DLA-4488-1 modsecurity-crs - security update
Bulletin has no description...
Debian: Security Advisory (DSA-6105-1)
The remote host is missing a Debian security update (DSA-6105-1)...
DSA-6105-1 modsecurity-crs - security update
Bulletin has no description...
OPENSUSE-SU-2025:14708-1 owasp-modsecurity-crs-4.9.0-1.1 on GA media
These are all security issues fixed in the owasp-modsecurity-crs-4.9.0-1.1 package on the GA media of openSUSE Tumbleweed...
Type Confusion
modsecurity-crs is vulnerable to Type Confusion. coreruleset does not block requests carrying multiple Content-Type headers, which allows an attacker to bypass the WAF with a crafted payload when the web application honours only the last Content-Type header...
Denial Of Service (DoS)
modsecurity-crs:buster is vulnerable to Denial of Service (DoS) attacks. /rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf allows remote attackers to cause a denial of service (ReDoS) by submitting a specially crafted string that triggers nested repetition operators...
Debian dla-3293 : modsecurity-crs - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3293 advisory. Debian LTS Advisory DLA-3293-1 [email protected]...
Debian: Security Advisory (DLA-3293-1)
The remote host is missing a Debian security update (DLA-3293-1)...
[SECURITY] [DLA 3293-1] modsecurity-crs security update
Debian LTS Advisory DLA-3293-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost January 30, 2023 https://wiki.debian.org/LTS Package : modsecurity-crs Version : 3.2.3-0+deb10u3 CVE ID : CVE-2018-16384 CVE-2020-22669 CVE-2021-35368 CVE-2022-39955 CVE-2022-39956...
DLA-3293-1 modsecurity-crs - security update
Bulletin has no description...
Authorization Bypass
modsecurity-crs:sid is vulnerable to authorization bypass. The vulnerability exists because an encoded payload evades detection, allowing an attacker to bypass the rules with a specially crafted HTTP Content-Type header field...
Authorization Bypass
modsecurity-crs:sid is vulnerable to authorization bypass. The vulnerability exists in the handling of character encoding schemes, allowing an attacker to craft malicious HTTP multipart requests that bypass detection...
CVE-2020-22669
Modsecurity owasp-modsecurity-crs 3.2.0 Paranoia level at PL1 has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications...
PT-2022-8647 · Unknown +1 · Modsecurity +2
Name of the Vulnerable Software and Affected Versions: Modsecurity owasp-modsecurity-crs version 3.2.0 Description: The issue allows attackers to bypass Modsecurity WAF protection using comment characters and variable assignments in SQL syntax, enabling them to implement SQL injection attacks on...
CVE-2020-22669
CVE-2020-22669 affects the OWASP ModSecurity CRS; a SQL injection bypass exists in ModSecurity CRS versions including 3.2.0 PL1. Reports describe bypass via SQL syntax comments/variable assignments that defeat CRS protections. Debian and Mageia advisories indicate remediation by upgrading CRS to ...
Authorization Bypass
modsecurity-crs is vulnerable to authorization bypass. An attacker is able to exploit a vulnerability in the backend that results in a CRS request body bypass that abuses trailing pathname information...
Gotestwaf - Go Test WAF Is A Tool To Test Your WAF Detection Capabilities Against Different Types Of Attacks And By-Pass Techniques
An open-source Go project to test different web application firewalls (WAF) for detection logic and bypasses. How it works: it is a 3-step request generation process that multiplies the number of payloads by the encoders and placeholders. Let's say you defined 2 payloads, 3 encoders (Base64, JSON, and...