5 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-33691
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a...
EUVD-2026-18352
The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a bypass was identified in OWASP CRS that allows uploading files with dangerous extensions .php, .phar, .jsp, .jspx by inserting whitespace...
CVE-2026-21876
CVE-2026-21876 : The OWASP ModSecurity Core Rule Set (CRS) had a bug in rule 922110 that affects multipart requests. In earlier versions (before 4.22.0 and 3.3.8), when a chain iterates over a collection (e.g., MULTIPART_PART_HEADERS), capture variables TX:0 and TX:1 are overwritten on each itera...
PT-2019-12277 · Owasp +1 · Owasp Modsecurity Core Rule Set +1
Name of the Vulnerable Software and Affected Versions: OWASP ModSecurity Core Rule Set CRS versions through 3.1.0 Description: An issue was discovered that allows remote attackers to cause a denial of service ReDOS by entering a specially crafted string with $a at the beginning and nested...
ModSecurity For Nginx Use-After-Free
Hey, TL;DR: UAF in a "non-release" version of ModSecurity for Nginx. !RCE|DoS, no need to panic. Plus some old and even older exploitation vectors. / 1. Use-After-Free UAF / During one of the engagements my team tested a WAF running in production Nginx + ModSecurity + OWASP Core Rule Set 123. In...