Vulnerabilities > Trustwave
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-02-25 | CVE-2025-27110 | Encoding Error vulnerability in Trustwave Modsecurity 3.0.13: Libmodsecurity is one component of the ModSecurity v3 project. | 7.5 |
2024-01-30 | CVE-2024-1019 | Unspecified vulnerability in Trustwave Modsecurity: ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. | 8.6 |
2023-07-26 | CVE-2023-38285 | Algorithmic Complexity vulnerability in Trustwave Modsecurity: Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity. | 7.5 |
2023-04-28 | CVE-2023-28882 | Resource Exhaustion vulnerability in Trustwave Modsecurity 3.0.5/3.0.6/3.0.8: Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations. | 7.5 |
2023-01-20 | CVE-2022-48279 | Interpretation Conflict vulnerability in multiple products: In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. | 7.5 |
2023-01-20 | CVE-2023-24021 | Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection. | 7.5 |
2021-12-07 | CVE-2021-42717 | Uncontrolled Recursion vulnerability in multiple products: ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. | 7.5 |
2021-05-06 | CVE-2019-25043 | Improper Handling of Exceptional Conditions vulnerability in Trustwave Modsecurity: ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and worker-process crash for a "Cookie: =abc" header. | 5.3 |
2020-10-06 | CVE-2020-15598 | Infinite Loop vulnerability in multiple products: Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request. | 7.5 |
2020-02-19 | CVE-2014-2727 | OS Command Injection vulnerability in Trustwave Mailmarshal: The STARTTLS implementation in MailMarshal before 7.2 allows plaintext command injection. | 9.8 |