Vulnerabilities > Trustwave > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-30 | CVE-2024-1019 | Unspecified vulnerability in Trustwave Modsecurity ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. | 8.6 |
2023-07-26 | CVE-2023-38285 | Algorithmic Complexity vulnerability in Trustwave Modsecurity Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity. | 7.5 |
2023-04-28 | CVE-2023-28882 | Resource Exhaustion vulnerability in Trustwave Modsecurity 3.0.5/3.0.6 Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations. | 7.5 |
2023-01-20 | CVE-2022-48279 | Interpretation Conflict vulnerability in multiple products In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. | 7.5 |
2023-01-20 | CVE-2023-24021 | Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection. | 7.5 |
2020-10-06 | CVE-2020-15598 | Infinite Loop vulnerability in multiple products Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request. | 7.5 |
2020-02-19 | CVE-2014-2727 | OS Command Injection vulnerability in Trustwave Mailmarshal The STARTTLS implementation in MailMarshal before 7.2 allows plaintext command injection. | 7.5 |
2020-01-21 | CVE-2019-19886 | Improper Resource Shutdown or Release vulnerability in multiple products Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeader in transaction.cc. | 7.5 |
2013-04-25 | CVE-2013-1915 | XXE vulnerability in multiple products ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability. | 7.5 |