Lucene search
+L

37 matches found

osv
osv
added 2023/04/28 12:0 a.m.20 views

CVE-2023-28882

Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service worker crash and unresponsiveness because some inputs cause a segfault in the Transaction class for some configurations...

7.5CVSS7.1AI score0.00731EPSS
Exploits0References3
githubexploit
githubexploit
added 2022/11/20 6:1 p.m.985 views

Exploit for Uncontrolled Recursion in Owasp Modsecurity

Detection-and-Mitigation-script-for-CVE-2021-42717 Detection a...

7.5CVSS7.8AI score0.03206EPSS
Exploits2
bdu_fstec
bdu_fstec
added 2022/10/04 12:0 a.m.10 views

The vulnerability of the network firewall used for protecting web applications, Trustwave ModSecurity, arises from the execution of a loop with an unavailable exit condition. This allows attackers to trigger a service failure.

The vulnerability of the network firewall used for protecting web applications, Trustwave ModSecurity, is related to the execution of a loop with an unavailable exit condition. Exploiting this vulnerability allows a malicious actor to trigger a service failure through a specially crafted HTTP...

7.8CVSS7.3AI score0.03179EPSS
Exploits2References7Affected Software2
nvd
nvd
added 2020/10/06 2:15 p.m.27 views

CVE-2020-15598

Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request. NOTE: The discoverer reports "Trustwave has signaled they are disputing our claims." The CVE suggests that there is a security issue with how ModSecurity handles regular expressions that can result in a Denial...

7.5CVSS0.03179EPSS
Exploits2References5
osv
osv
added 2020/10/06 2:15 p.m.11 views

CVE-2020-15598

Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request. NOTE: The discoverer reports "Trustwave has signaled they are disputing our claims." The CVE suggests that there is a security issue with how ModSecurity handles regular expressions that can result in a Denial...

7.5CVSS7.3AI score0.03179EPSS
Exploits2References5
prion
prion
added 2020/10/06 2:15 p.m.21 views

Default configuration

Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request. NOTE: The discoverer reports "Trustwave has signaled they are disputing our claims." The CVE suggests that there is a security issue with how ModSecurity handles regular expressions that can result in a Denial...

5CVSS7.3AI score0.03179EPSS
Exploits2References5Affected Software2
cvelist
cvelist
added 2020/10/06 1:38 p.m.31 views

CVE-2020-15598

Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request. NOTE: The discoverer reports "Trustwave has signaled they are disputing our claims." The CVE suggests that there is a security issue with how ModSecurity handles regular expressions that can result in a Denial...

7.2AI score0.03179EPSS
Exploits2References5
ptsecurity
ptsecurity
added 2020/09/14 12:0 a.m.5 views

PT-2020-6759 · Trustwave · Modsecurity

Name of the Vulnerable Software and Affected Versions: Trustwave ModSecurity versions 3.x through 3.0.4 Description: The issue is related to the handling of regular expressions in Trustwave ModSecurity, which can result in a Denial of Service condition. An attacker would need to know that a rule...

7.8CVSS6.9AI score0.03206EPSS
Exploits4References35
nvd
nvd
added 2020/01/21 10:15 p.m.39 views

CVE-2019-19886

Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive Denial of Service because of a flaw in Transaction::addRequestHeader in transaction.cc...

7.5CVSS7.4AI score0.02501EPSS
Exploits0References4
osv
osv
added 2020/01/21 10:15 p.m.22 views

CVE-2019-19886

Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive Denial of Service because of a flaw in Transaction::addRequestHeader in transaction.cc...

7.5CVSS6.5AI score0.02501EPSS
Exploits0References4
ubuntucve
ubuntucve
added 2020/01/21 10:15 p.m.24 views

CVE-2019-19886

Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive Denial of Service because of a flaw in Transaction::addRequestHeader in transaction.cc...

7.5CVSS7.1AI score0.02501EPSS
Exploits0References4
prion
prion
added 2020/01/21 10:15 p.m.22 views

Code injection

Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive Denial of Service because of a flaw in Transaction::addRequestHeader in transaction.cc...

5CVSS7.3AI score0.02501EPSS
Exploits0References4Affected Software2
osv
osv
added 2020/01/21 10:15 p.m.4 views

UBUNTU-CVE-2019-19886

Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive Denial of Service because of a flaw in Transaction::addRequestHeader in transaction.cc...

7.5CVSS5.8AI score0.02501EPSS
Exploits0References5
cvelist
cvelist
added 2020/01/21 9:59 p.m.53 views

CVE-2019-19886

Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive Denial of Service because of a flaw in Transaction::addRequestHeader in transaction.cc...

7.3AI score0.02501EPSS
Exploits0References4
debiancve
debiancve
added 2020/01/21 9:59 p.m.21 views

CVE-2019-19886

Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive Denial of Service because of a flaw in Transaction::addRequestHeader in transaction.cc...

7.5CVSS7.3AI score0.02501EPSS
Exploits0
ptsecurity
ptsecurity
added 2020/01/21 12:0 a.m.2 views

PT-2020-10284 · Trustwave · Modsecurity

Name of the Vulnerable Software and Affected Versions: Trustwave ModSecurity versions 3.0.0 through 3.0.3 Description: The issue allows an attacker to send crafted requests that may lead to the server becoming slow or unresponsive due to a flaw in Transaction::addRequestHeader in transaction.cc...

7.5CVSS6.8AI score0.02501EPSS
Exploits0References24
ptsecurity
ptsecurity
added 2013/02/27 12:0 a.m.5 views

PT-2013-22: XML External Entity Injection in Trustwave ModSecurity

Positive Research Center experts have discovered "XML External Entity Injection" vulnerability in Trustwave ModSecurity. If an attacker sends specially crafted request containing malformed XML to server with ModSecurity, the server will automatically send the contents of local or remote resources...

10CVSS7.4AI score
Exploits0References3
Rows per page
Query Builder