Lucene search
+L

15 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-42402

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00953EPSS
Exploits0References7
Debian
Debian
added 2025/08/08 9:0 p.m.60 views

[SECURITY] [DLA 4265-1] modsecurity-crs security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4265-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk August 08, 2025 https://wiki.debian.org/LTS -...

9.8CVSS8.6AI score0.01115EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.25 views

RHEL 9 : mod_security_crs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - modsecuritycrs: Content-Type or Content-Transfer-Encoding MIME header fields abuse CVE-2022-39956 - The...

9.8CVSS9.7AI score0.01115EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.33 views

RHEL 8 : mod_security_crs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - modsecuritycrs: Content-Type or Content-Transfer-Encoding MIME header fields abuse CVE-2022-39956 - The...

9.8CVSS7.2AI score0.01115EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/05/21 12:0 a.m.42 views

GLSA-202305-25 : OWASP ModSecurity Core Rule Set: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202305-25 OWASP ModSecurity Core Rule Set: Multiple Vulnerabilities - OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname...

9.8CVSS7.6AI score0.02542EPSS
Exploits1References8
Veracode
Veracode
added 2022/10/10 9:8 p.m.35 views

Authorization Bypass

modsecurity-crs:sid is vulnerable to authorization bypass. The vulnerability exists due to repeated payloads with a HTTP range header field, allowing an attacker to do a response body bypass by accessing to restricted resources...

7.5CVSS8.4AI score0.00953EPSS
Exploits0References10Affected Software1
NVD
NVD
added 2022/09/20 7:15 a.m.28 views

CVE-2022-39958

The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range. A restricted resource, access to which would ordinarily be detected, may be...

7.5CVSS0.00953EPSS
Exploits0References7
OSV
OSV
added 2022/09/20 7:15 a.m.4 views

DEBIAN-CVE-2022-39957

The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional "charset" parameter in order to receive the response in an encoded form. Depending on the "charset", this response can not be decoded by the web...

7.5CVSS7.5AI score0.00771EPSS
Exploits0References1
Prion
Prion
added 2022/09/20 7:15 a.m.21 views

Design/Logic Flaw

The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional "charset" parameter in order to receive the response in an encoded form. Depending on the "charset", this response can not be decoded by the web...

5CVSS8.3AI score0.00771EPSS
Exploits0References6Affected Software3
UbuntuCve
UbuntuCve
added 2022/09/20 7:15 a.m.48 views

CVE-2022-39958

The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range. A restricted resource, access to which would ordinarily be detected, may be...

7.5CVSS7.1AI score0.00953EPSS
Exploits0References2
Prion
Prion
added 2022/09/20 7:15 a.m.24 views

Authentication flaw

The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range. A restricted resource, access to which would ordinarily be detected, may be...

5CVSS8.4AI score0.00953EPSS
Exploits0References6Affected Software3
Vulnrichment
Vulnrichment
added 2022/09/20 12:0 a.m.7 views

CVE-2022-39957 Response body bypass in OWASP ModSecurity Core Rule Set via a specialy crafted charset in the HTTP Accept header

The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional "charset" parameter in order to receive the response in an encoded form. Depending on the "charset", this response can not be decoded by the web...

7.3CVSS6.6AI score0.00771EPSS
Exploits0References6
CVE
CVE
added 2022/09/20 12:0 a.m.112 views

CVE-2022-39958

The CVE-2022-39958 issue affects the OWASP ModSecurity Core Rule Set (CRS) and enables a response-body bypass that can exfiltrate small data portions by repeatedly issuing HTTP Range requests. Affected legacy CRS: 3.0.x, 3.1.x; and currently supported: 3.2.1, 3.3.2. Upgrades are recommended to CR...

7.5CVSS7.9AI score0.00953EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2022/09/20 12:0 a.m.61 views

CVE-2022-39958 Response body bypass in OWASP ModSecurity Core Rule Set via repeated HTTP Range header submission with a small byte range

The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range. A restricted resource, access to which would ordinarily be detected, may be...

7.5CVSS8.7AI score0.00953EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2022/09/20 12:0 a.m.40 views

CVE-2022-39958

The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range. A restricted resource, access to which would ordinarily be detected, may be...

7.5CVSS7.4AI score0.00953EPSS
Exploits0
Rows per page
Query Builder