Vulnerabilities > Trustwave

DATE CVE VULNERABILITY TITLE RISK
2021-12-07 CVE-2021-42717 Uncontrolled Recursion vulnerability in multiple products
ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects.
network
low complexity
trustwave f5 debian CWE-674
5.0
2021-05-06 CVE-2019-25043 Improper Handling of Exceptional Conditions vulnerability in Trustwave Modsecurity
ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and worker-process crash for a "Cookie: =abc" header.
network
low complexity
trustwave CWE-755
5.0
2020-10-06 CVE-2020-15598 Infinite Loop vulnerability in multiple products
** DISPUTED ** Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request.
network
low complexity
trustwave debian CWE-835
5.0
2020-02-19 CVE-2014-2727 OS Command Injection vulnerability in Trustwave Mailmarshal
The STARTTLS implementation in MailMarshal before 7.2 allows plaintext command injection.
network
low complexity
trustwave CWE-78
7.5
2020-01-21 CVE-2019-19886 Improper Resource Shutdown or Release vulnerability in Trustwave Modsecurity 3.0.0/3.0.3
Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeader in transaction.cc.
network
low complexity
trustwave CWE-404
5.0
2018-07-03 CVE-2018-13065 Cross-site Scripting vulnerability in Trustwave Modsecurity 3.0.0
** DISPUTED ** ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element.
network
trustwave CWE-79
4.3
2017-12-31 CVE-2017-18001 Missing Authentication for Critical Function vulnerability in Trustwave Secure web Gateway 11.8.0.27
Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, via the publicKey parameter to the /sendKey URI.
network
low complexity
trustwave CWE-306
critical
10.0
2014-04-15 CVE-2013-5705 apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.
network
low complexity
trustwave debian
5.0
2013-04-25 CVE-2013-1915 XXE vulnerability in multiple products
ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability.
network
low complexity
trustwave opensuse fedoraproject debian CWE-611
7.5
2012-12-28 CVE-2012-4528 The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
network
low complexity
trustwave opensuse fedoraproject
5.0