CVE-2021-42717
- EPSS 3.21%
- Veröffentlicht 07.12.2021 22:15:06
- Zuletzt bearbeitet 03.07.2025 20:59:18
ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP ...
CVE-2019-25043
- EPSS 1.22%
- Veröffentlicht 06.05.2021 17:15:07
- Zuletzt bearbeitet 03.07.2025 20:59:18
ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and worker-process crash for a "Cookie: =abc" header.
CVE-2020-15598
- EPSS 3.18%
- Veröffentlicht 06.10.2020 14:15:12
- Zuletzt bearbeitet 03.07.2025 20:59:18
Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request. NOTE: The discoverer reports "Trustwave has signaled they are disputing our claims." The CVE suggests that there is a security issue with how ModSecurity handles ...
CVE-2019-19886
- EPSS 2.5%
- Veröffentlicht 21.01.2020 22:15:15
- Zuletzt bearbeitet 03.07.2025 20:59:18
Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeade...
CVE-2018-13065
- EPSS 1.35%
- Veröffentlicht 03.07.2018 12:29:00
- Zuletzt bearbeitet 03.07.2025 20:59:18
ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. NOTE: a third party has disputed this issue because it may only apply to environments without a Core Rule Set configured