CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2019/04/21 1:16 a.m.•66 views

CVE-2019-11391

The CVE-2019-11391 entry concerns OWASP ModSecurity Core Rule Set (CRS) up to version 3.1.0. The vulnerability is tied to /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf, where a specially crafted string beginning with $a# and containing nested repetition operators could cause a denial of service ...

Cvelist•added 2019/04/21 1:16 a.m.•38 views

CVE-2019-11391

5.3AI score0.01625EPSS

Debian CVE•added 2019/04/21 1:16 a.m.•15 views

CVE-2019-11391

CVE•added 2019/04/21 1:16 a.m.•57 views

CVE-2019-11390

CVE-2019-11390 affects OWASP ModSecurity Core Rule Set (CRS) up to version 3.1.0. The issue resides in /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf where crafted input using set_error_handler# at the beginning and nested repetition operators can cause a denial of service (ReDOS). The Red Hat/SU...

Cvelist•added 2019/04/21 1:16 a.m.•26 views

CVE-2019-11390

An issue was discovered in OWASP ModSecurity Core Rule Set CRS through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service ReDOS by entering a specially crafted string with seterrorhandler at the beginning and nested repetition operators. NOT...

5.3AI score0.01671EPSS

Debian CVE•added 2019/04/21 1:16 a.m.•18 views

CVE-2019-11390

An issue was discovered in OWASP ModSecurity Core Rule Set CRS through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service ReDOS by entering a specially crafted string with seterrorhandler at the beginning and nested repetition operators. NOT...

CVE•added 2019/04/21 1:15 a.m.•59 views

CVE-2019-11389

CVE-2019-11389 affects the OWASP ModSecurity Core Rule Set (CRS) up to version 3.1.0. The issue is in /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf, where a specially crafted string starting with next# and containing nested repetition operators can cause a denial of service (ReDoS) via the regul...

Debian CVE•added 2019/04/21 1:15 a.m.•18 views

CVE-2019-11389

An issue was discovered in OWASP ModSecurity Core Rule Set CRS through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service ReDOS by entering a specially crafted string with next at the beginning and nested repetition operators. NOTE: the...

Cvelist•added 2019/04/21 1:15 a.m.•41 views

CVE-2019-11389

An issue was discovered in OWASP ModSecurity Core Rule Set CRS through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service ReDOS by entering a specially crafted string with next at the beginning and nested repetition operators. NOTE: the...

5.3AI score0.01671EPSS

Vulnrichment•added 2019/04/21 1:15 a.m.•11 views

CVE-2019-11388

An issue was discovered in OWASP ModSecurity Core Rule Set CRS through 3.1.0. /rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf allows remote attackers to cause a denial of service ReDOS by entering a specially crafted string with nested repetition operators. NOTE: the software maintainer disputes...

6.8AI score0.01625EPSS

CVE•added 2019/04/21 1:15 a.m.•53 views

CVE-2019-11388

Affected product: OWASP ModSecurity Core Rule Set (CRS) up to version 3.1.0. Vulnerable component: /rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf, where a specially crafted string with nested repetition operators can cause a denial of service (ReDOS). Underlying cause: nested repetition operators...

Cvelist•added 2019/04/21 1:15 a.m.•38 views

CVE-2019-11388

5.2AI score0.01625EPSS

Debian CVE•added 2019/04/21 1:15 a.m.•14 views

CVE-2019-11388