Vendor
Trustwave
Products
2
CVEs
10
Across products
10
Status
Private
Products
2- 8 CVEs
- 2 CVEs
Recent CVEs
10| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2012-4528 | 0.04 | — | 0.11 | Dec 28, 2012 | The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data. | ||
| CVE-2009-1902 | 0.04 | — | 0.15 | Jun 3, 2009 | The multipart processor in ModSecurity before 2.5.9 allows remote attackers to cause a denial of service (crash) via a multipart form datapost request with a missing part header name, which triggers a NULL pointer dereference. | ||
| CVE-2013-5705 | 0.00 | — | 0.01 | Apr 15, 2014 | apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header. | ||
| CVE-2013-2765 | 0.00 | — | 0.05 | Jul 15, 2013 | The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header. | ||
| CVE-2013-1915 | 0.00 | — | 0.05 | Apr 25, 2013 | ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability. | ||
| CVE-2012-2751 | 0.00 | — | 0.02 | Jul 22, 2012 | ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-5031. | ||
| CVE-2009-5031 | 0.00 | — | 0.01 | Jul 22, 2012 | ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Content-Disposition field of a request with a multipart/form-data Content-Type header. | ||
| CVE-2011-1906 | 0.00 | — | 0.00 | May 5, 2011 | Trustwave WebDefend Enterprise before 5.0 7.01.903-1.4 stores specific user-account credentials in a MySQL database, which makes it easier for remote attackers to read the event collection table via requests to the management port, a different vulnerability than CVE-2011-0756. | ||
| CVE-2011-0756 | 0.00 | — | 0.00 | May 5, 2011 | The application server in Trustwave WebDefend Enterprise before 5.0 uses hardcoded console credentials, which makes it easier for remote attackers to read security-event data by using the remote console GUI to connect to the management port. | ||
| CVE-2009-1903 | 0.00 | — | 0.02 | Jun 3, 2009 | The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method. |