Lucene search

Veracode Vulnerability DatabaseVERACODE:39669

HistoryMar 12, 2023 - 2:29 a.m.

Denial Of Service (DoS)

2023-03-1202:29:39

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

modsecurity-crs

buster

dos

attacks

vulnerability

remote

attackers

denial of service

repetition

operators

crafted

string

0.004 Low

EPSS

Percentile

74.6%

JSON

modsecurity-crs:buster is vulnerable to Denial of Service (DoS) attacks. /rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators.

CPENameOperatorVersion
modsecurity-crs:bustereq3.1.0-1+deb10u1
modsecurity-crs:bustereq3.1.0-1+deb10u1

CPE	Name	Operator	Version
	modsecurity-crs:buster	eq	3.1.0-1+deb10u1
	modsecurity-crs:buster	eq	3.1.0-1+deb10u1

References

coreruleset.org/20190627/announcement-owasp-modsecurity-core-rule-set-version-3-1-1/

github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.1/dev/CHANGES

github.com/SpiderLabs/owasp-modsecurity-crs/issues/1359

security-tracker.debian.org/tracker/CVE-2019-11387

0.004 Low

EPSS

Percentile

74.6%

JSON

Related for VERACODE:39669