Vulnerabilities > Trustwave > High

DATE CVE VULNERABILITY TITLE RISK
2024-01-30 CVE-2024-1019 Unspecified vulnerability in Trustwave Modsecurity
ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs.
network
low complexity
trustwave
8.6
2023-07-26 CVE-2023-38285 Algorithmic Complexity vulnerability in Trustwave Modsecurity
Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity.
network
low complexity
trustwave CWE-407
7.5
2023-04-28 CVE-2023-28882 Resource Exhaustion vulnerability in Trustwave Modsecurity 3.0.5/3.0.6
Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations.
network
low complexity
trustwave CWE-400
7.5
2023-01-20 CVE-2022-48279 Interpretation Conflict vulnerability in multiple products
In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall.
network
low complexity
trustwave debian CWE-436
7.5
2023-01-20 CVE-2023-24021 Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection.
network
low complexity
trustwave debian
7.5
2020-10-06 CVE-2020-15598 Infinite Loop vulnerability in multiple products
Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request.
network
low complexity
trustwave debian CWE-835
7.5
2020-02-19 CVE-2014-2727 OS Command Injection vulnerability in Trustwave Mailmarshal
The STARTTLS implementation in MailMarshal before 7.2 allows plaintext command injection.
network
low complexity
trustwave CWE-78
7.5
2020-01-21 CVE-2019-19886 Improper Resource Shutdown or Release vulnerability in multiple products
Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeader in transaction.cc.
network
low complexity
trustwave fedoraproject CWE-404
7.5
2013-04-25 CVE-2013-1915 XXE vulnerability in multiple products
ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability.
network
low complexity
trustwave opensuse fedoraproject debian CWE-611
7.5