322 matches found
BIT-MODSECURITY2-2023-28882
Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service worker crash and unresponsiveness because some inputs cause a segfault in the Transaction class for some configurations...
BIT-MODSECURITY-2023-28882
Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service worker crash and unresponsiveness because some inputs cause a segfault in the Transaction class for some configurations...
BIT-MODSECURITY2-2023-38285
Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity...
BIT-MODSECURITY-2023-38285
Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity...
Beware: Fake Facebook Job Ads Spreading 'Ov3r_Stealer' to Steal Crypto and Credentials
Threat actors are leveraging bogus Facebook job advertisements as a lure to trick prospective targets into installing a new Windows-based stealer malware codenamed Ov3rStealer. "This malware is designed to steal credentials and crypto wallets and send those to a Telegram channel that the threat...
Apache ActiveMQ Flaw Exploited in New Godzilla Web Shell Attacks
Cybersecurity researchers are warning of a "notable increase" in threat actor activity actively exploiting a now-patched flaw in Apache ActiveMQ to deliver the Godzilla web shell on compromised hosts. "The web shells are concealed within an unknown binary format and are designed to evade security...
openSUSE 15 Security Update : modsecurity (openSUSE-SU-2023:0269-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0269-1 advisory. - DISPUTED Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request. NOTE: The discoverer reports Trustwave has...
openSUSE 15 Security Update : modsecurity (openSUSE-SU-2023:0257-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0257-1 advisory. - DISPUTED Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request. NOTE: The discoverer reports Trustwave has...
Beware of MalDoc in PDF: A New Polyglot Attack Allowing Attackers to Evade Antivirus
Cybersecurity researchers have called attention to a new antivirus evasion technique that involves embedding a malicious Microsoft Word file into a PDF file. The sneaky method, dubbed MalDoc in PDF by JPCERT/CC, is said to have been employed in an in-the-wild attack in July 2023. "A file created...
New SkidMap Linux Malware Variant Targeting Vulnerable Redis Servers
Vulnerable Redis services have been targeted by a "new, improved, dangerous" variant of a malware called SkidMap that's engineered to target a wide range of Linux distributions. "The malicious nature of this malware is to adapt to the system on which it is executed," Trustwave security researcher...
New Version of Rilide Data Theft Malware Adapts to Chrome Extension Manifest V3
Cybersecurity researchers have discovered a new version of malware called Rilide that targets Chromium-based web browsers to steal sensitive data and steal cryptocurrency. "It exhibits a higher level of sophistication through modular design, code obfuscation, adoption to the Chrome Extension...
CVE-2023-38285
A vulnerability was found in Trustwave's ModSecurity project due to an inefficient algorithmic complexity flaw. This issue is present in four transformation actions: removeWhitespace, removeNull, replaceNull, and removeCommentsChar. By sending a maliciously crafted HTTP request, an attacker could...
CVE-2023-38285
Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity...
CVE-2023-38285
Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity...
Code injection
Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity...
CVE-2023-38285
Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity...
CVE-2023-38285
Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity...
PT-2023-26345 · Trustwave +1 · Modsecurity +1
Name of the Vulnerable Software and Affected Versions: Trustwave ModSecurity versions 3.0.0 through 3.0.9 Description: The issue is related to Inefficient Algorithmic Complexity. Recommendations: For Trustwave ModSecurity versions 3.0.0 through 3.0.9, update to version 3.0.10 or later to resolve...
CVE-2023-38285
Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity...
CVE-2023-38285
Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity...