VYPR

Modsecurity

by Trustwave

CVEs (30)

  • CVE-2019-19886 (Jan 21, 2020)
    risk 0.00 cvss epss 0.03

    Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeader in transaction.cc.

  • CVE-2013-5705 (Apr 15, 2014)
    risk 0.00 cvss epss 0.03

    apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.

  • CVE-2013-2765 (Jul 15, 2013)
    risk 0.00 cvss epss 0.14

    The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.

  • CVE-2013-1915 (Apr 25, 2013)
    risk 0.00 cvss epss 0.04

    ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity…

  • CVE-2012-2751 (Jul 22, 2012)
    risk 0.00 cvss epss 0.03

    ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering…

  • CVE-2009-5031 (Jul 22, 2012)
    risk 0.00 cvss epss 0.03

    ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the…

  • CVE-2009-1903 (Jun 3, 2009)
    risk 0.00 cvss epss 0.03

    The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.

  • CVE-2008-5676 (Dec 19, 2008)
    risk 0.00 cvss epss 0.01

    Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via…

  • CVE-2004-1765 (Dec 31, 2004)
    risk 0.00 cvss epss 0.05

    Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.

  • CVE-2003-1171 (Dec 31, 2003)
    risk 0.00 cvss epss 0.05

    Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.

Page 2 of 2