Vulnerabilities > Trustwave

DATE CVE VULNERABILITY TITLE RISK
2018-07-03 CVE-2018-13065 Cross-site Scripting vulnerability in Trustwave Modsecurity 3.0.0
ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element.
network
low complexity
trustwave CWE-79
6.1
2017-12-31 CVE-2017-18001 Missing Authentication for Critical Function vulnerability in Trustwave Secure web Gateway 11.8.0.27
Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, via the publicKey parameter to the /sendKey URI.
network
low complexity
trustwave CWE-306
critical
10.0
2014-04-15 CVE-2013-5705 apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.
network
low complexity
trustwave debian
5.0
2013-04-25 CVE-2013-1915 XXE vulnerability in multiple products
ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability.
network
low complexity
trustwave opensuse fedoraproject debian CWE-611
7.5
2012-12-28 CVE-2012-4528 The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
network
low complexity
trustwave opensuse fedoraproject
5.0
2012-07-22 CVE-2009-5031 Cross-Site Scripting vulnerability in multiple products
ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Content-Disposition field of a request with a multipart/form-data Content-Type header.
4.3
2011-05-05 CVE-2011-1906 Credentials Management vulnerability in Trustwave Webdefend 2.0/3.0
Trustwave WebDefend Enterprise before 5.0 7.01.903-1.4 stores specific user-account credentials in a MySQL database, which makes it easier for remote attackers to read the event collection table via requests to the management port, a different vulnerability than CVE-2011-0756.
network
low complexity
trustwave CWE-255
5.0
2011-05-05 CVE-2011-0756 Credentials Management vulnerability in Trustwave Webdefend 2.0
The application server in Trustwave WebDefend Enterprise before 5.0 uses hardcoded console credentials, which makes it easier for remote attackers to read security-event data by using the remote console GUI to connect to the management port.
network
low complexity
trustwave CWE-255
5.0
2009-06-03 CVE-2009-1903 The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method. 4.3
2009-06-03 CVE-2009-1902 Null Pointer Dereference vulnerability in multiple products
The multipart processor in ModSecurity before 2.5.9 allows remote attackers to cause a denial of service (crash) via a multipart form datapost request with a missing part header name, which triggers a NULL pointer dereference.
network
low complexity
trustwave fedoraproject CWE-476
5.0