VYPR

ModSecurity

by Spiderlabs

CVEs (2)

  • CVE-2018-13065MedJul 3, 2018
    risk 0.40cvss 6.1epss 0.01

    ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. NOTE: a third party has disputed this issue because it may only apply to environments without a Core Rule Set configured

  • CVE-2013-5705Apr 15, 2014
    risk 0.00cvss epss 0.03

    apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.