Vulnerabilities > Trustwave > Modsecurity > 3.0.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-30 | CVE-2024-1019 | Unspecified vulnerability in Trustwave Modsecurity ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. | 8.6 |
| 2023-07-26 | CVE-2023-38285 | Algorithmic Complexity vulnerability in Trustwave Modsecurity Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity. | 7.5 |
| 2023-01-20 | CVE-2022-48279 | Interpretation Conflict vulnerability in multiple products In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. | 7.5 |
| 2021-12-07 | CVE-2021-42717 | Uncontrolled Recursion vulnerability in multiple products ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. | 5.0 |
| 2021-05-06 | CVE-2019-25043 | Improper Handling of Exceptional Conditions vulnerability in Trustwave Modsecurity ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and worker-process crash for a "Cookie: =abc" header. | 5.0 |
| 2020-10-06 | CVE-2020-15598 | Infinite Loop vulnerability in multiple products Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request. | 7.5 |
| 2020-01-21 | CVE-2019-19886 | Improper Resource Shutdown or Release vulnerability in multiple products Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeader in transaction.cc. | 7.5 |