Lucene search
K

9 matches found

Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.33 views

RHEL 8 : mod_security_crs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - modsecuritycrs: Content-Type or Content-Transfer-Encoding MIME header fields abuse CVE-2022-39956 - The...

9.8CVSS7.2AI score0.01115EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.25 views

RHEL 9 : mod_security_crs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - modsecuritycrs: Content-Type or Content-Transfer-Encoding MIME header fields abuse CVE-2022-39956 - The...

9.8CVSS9.7AI score0.01115EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2024/03/19 12:0 a.m.30 views

Mageia: Security Advisory (MGASA-2024-0070)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.8AI score0.02542EPSS
Exploits3References8
Mageia
Mageia
added 2024/03/18 4:12 p.m.92 views

Updated apache-mod_security-crs packages fix security vulnerabilities

A SQL injection bypass aka PL1 bypass exists in OWASP ModSecurity Core Rule Set owasp-modsecurity-crs through v3.1.0-rc3 via ab where a is a special function name such as "if" and b is the SQL statement to be executed. CVE-2018-16384 Modsecurity owasp-modsecurity-crs 3.2.0 Paranoia level at PL1 h...

9.8CVSS8.6AI score0.02542EPSS
Exploits3References6
Tenable Nessus
Tenable Nessus
added 2023/05/21 12:0 a.m.41 views

GLSA-202305-25 : OWASP ModSecurity Core Rule Set: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202305-25 OWASP ModSecurity Core Rule Set: Multiple Vulnerabilities - OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname...

9.8CVSS7.6AI score0.02542EPSS
Exploits1References8
Prion
Prion
added 2022/09/20 7:15 a.m.38 views

Design/Logic Flaw

The OWASP ModSecurity Core Rule Set CRS is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and...

7.5CVSS8.6AI score0.00952EPSS
Exploits0References6Affected Software3
UbuntuCve
UbuntuCve
added 2022/09/20 7:15 a.m.55 views

CVE-2022-39956

The OWASP ModSecurity Core Rule Set CRS is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and...

9.8CVSS7.1AI score0.00952EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/09/20 12:0 a.m.46 views

CVE-2022-39956 Partial rule set bypass in OWASP ModSecurity Core Rule Set for HTTP multipart requests using character encoding in the Content-Type or Content-Transfer-Encoding header

The OWASP ModSecurity Core Rule Set CRS is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and...

7.3CVSS8.9AI score0.00952EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2022/09/20 12:0 a.m.7 views

CVE-2022-39956 Partial rule set bypass in OWASP ModSecurity Core Rule Set for HTTP multipart requests using character encoding in the Content-Type or Content-Transfer-Encoding header

The OWASP ModSecurity Core Rule Set CRS is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and...

7.3CVSS6.8AI score0.00952EPSS
Exploits0References6
Rows per page
Query Builder