Trustwave ModSecurity 2.5.13

CPE Details

Trustwave ModSecurity 2.5.13
trustwave
modsecurity
2.5.13
2021-02-10
14h34 +00:00
2021-02-10
15h27 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:trustwave:modsecurity:2.5.13:*:*:*:*:*:*:*

Informations

Vendor

trustwave

Product

modsecurity

Version

2.5.13

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-48279 2023-01-20 00h00 +00:00 In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase.
7.5
High
CVE-2023-24021 2023-01-20 00h00 +00:00 Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection.
7.5
High
CVE-2021-42717 2021-12-07 20h08 +00:00 ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy one of the limited NGINX worker processes for minutes and consume almost all of the available CPU on the machine. Modsecurity 2 is similarly vulnerable: the affected versions include 2.8.0 through 2.9.4.
7.5
High
CVE-2013-5705 2014-04-15 08h00 +00:00 apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.
5
CVE-2013-2765 2013-07-15 13h00 +00:00 The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
5
CVE-2013-1915 2013-04-25 21h00 +00:00 ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability.
7.5
CVE-2012-4528 2012-12-28 10h00 +00:00 The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
5
CVE-2012-2751 2012-07-22 14h00 +00:00 ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-5031.
4.3