rpm package
opensuse/modsecurity&distro=openSUSE Leap 15.5
pkg:rpm/opensuse/modsecurity&distro=openSUSE%20Leap%2015.5
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-38285 | — | < 3.0.10-bp155.3.3.1 | 3.0.10-bp155.3.3.1 | Jul 26, 2023 | Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity. | ||
| CVE-2023-28882 | — | < 3.0.10-bp155.3.3.1 | 3.0.10-bp155.3.3.1 | Apr 28, 2023 | Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations. | ||
| CVE-2021-42717 | — | < 3.0.10-bp155.3.3.1 | 3.0.10-bp155.3.3.1 | Dec 7, 2021 | ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy one of the | ||
| CVE-2020-15598 | — | < 3.0.10-bp155.3.3.1 | 3.0.10-bp155.3.3.1 | Oct 6, 2020 | Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request. NOTE: The discoverer reports "Trustwave has signaled they are disputing our claims." The CVE suggests that there is a security issue with how ModSecurity handles regular expressions that can r |
- CVE-2023-38285Jul 26, 2023affected < 3.0.10-bp155.3.3.1fixed 3.0.10-bp155.3.3.1
Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity.
- CVE-2023-28882Apr 28, 2023affected < 3.0.10-bp155.3.3.1fixed 3.0.10-bp155.3.3.1
Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations.
- CVE-2021-42717Dec 7, 2021affected < 3.0.10-bp155.3.3.1fixed 3.0.10-bp155.3.3.1
ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy one of the
- CVE-2020-15598Oct 6, 2020affected < 3.0.10-bp155.3.3.1fixed 3.0.10-bp155.3.3.1
Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request. NOTE: The discoverer reports "Trustwave has signaled they are disputing our claims." The CVE suggests that there is a security issue with how ModSecurity handles regular expressions that can r