Vulnerabilities > CVE-2019-25043 - Improper Handling of Exceptional Conditions vulnerability in Trustwave Modsecurity

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

trustwave

CWE-755

NVD

Published: 2021-05-06

Updated: 2021-05-14

Summary

ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and worker-process crash for a "Cookie: =abc" header.

Vulnerable Configurations

Part	Description	Count
Application	Trustwave Trustwave Modsecurity 3.0.0 Trustwave Modsecurity 3.0.1 Trustwave Modsecurity 3.0.2 Trustwave Modsecurity 3.0.3	4

Common Weakness Enumeration (CWE)

CWE-755 - Improper Handling of Exceptional Conditions

References

https://github.com/SpiderLabs/ModSecurity/issues/2566