Vulnerabilities > Trustwave > Modsecurity

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendors | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2024-01-30 | CVE-2024-1019 | Unspecified vulnerability in Trustwave Modsecurity | ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. | network | low | trustwave | | 8.6 |
| 2023-07-26 | CVE-2023-38285 | Algorithmic Complexity vulnerability in Trustwave Modsecurity | Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity. | network | low | trustwave | CWE-407 | 7.5 |
| 2023-04-28 | CVE-2023-28882 | Resource Exhaustion vulnerability in Trustwave Modsecurity 3.0.5/3.0.6/3.0.8 | Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations. | network | low | trustwave | CWE-400 | 7.5 |
| 2023-01-20 | CVE-2022-48279 | Interpretation Conflict vulnerability in multiple products | In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. | network | low | trustwave, debian | CWE-436 | 7.5 |
| 2023-01-20 | CVE-2023-24021 | | Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection. | network | low | trustwave, debian | | 7.5 |
| 2021-12-07 | CVE-2021-42717 | Uncontrolled Recursion vulnerability in multiple products | ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. | network | low | trustwave, f5, debian, oracle | CWE-674 | 7.5 |
| 2021-05-06 | CVE-2019-25043 | Improper Handling of Exceptional Conditions vulnerability in Trustwave Modsecurity | ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and worker-process crash for a "Cookie: =abc" header. | network | low | trustwave | CWE-755 | 5.3 |
| 2020-10-06 | CVE-2020-15598 | Infinite Loop vulnerability in multiple products | Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request. | network | low | trustwave, debian | CWE-835 | 7.5 |
| 2020-01-21 | CVE-2019-19886 | Improper Resource Shutdown or Release vulnerability in multiple products | Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeader in transaction.cc. | network | low | trustwave, fedoraproject | CWE-404 | 7.5 |
| 2018-07-03 | CVE-2018-13065 | Cross-site Scripting vulnerability in Trustwave Modsecurity 3.0.0 | ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. | network | low | trustwave | CWE-79 | 6.1 |