Owasp Modsecurity Core Rule Set Security Vulnerabilities and Issues — Owasp Modsecurity Core Rule Set CVE List

Lucene search

OwaspOwasp Modsecurity Core Rule Set

4 matches found

CVE•added 2022/09/20 7:15 a.m.•120 views

CVE-2022-39956

The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and ins...

9.8CVSS8.6AI score0.0008EPSS

CVE•added 2022/09/20 7:15 a.m.•84 views

CVE-2022-39955

The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes. A vulnerable back-end can potentially be exploited by declaring multiple Content-Type "charset" nam...

9.8CVSS8AI score0.00141EPSS

CVE•added 2021/11/05 6:15 p.m.•64 views

CVE-2021-35368

OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname.

9.8CVSS9.2AI score0.00245EPSS

CVE•added 2022/09/02 6:15 p.m.•47 views

CVE-2020-22669

Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications.

9.8CVSS9.6AI score0.0006EPSS