Search CVE reports
11 – 14 of 14 results
CVE-2019-11389
Medium priority
** DISPUTED ** An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially...
1 affected package
modsecurity-crs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
modsecurity-crs | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2019-11388
Medium priority
** DISPUTED ** An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially...
1 affected package
modsecurity-crs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
modsecurity-crs | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2019-11387
Medium priority
An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string...
1 affected package
modsecurity-crs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
modsecurity-crs | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
CVE-2018-16384
Medium priority
A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via {`a`b} where a is a special function name (such as “if”) and b is the SQL statement to be executed.
1 affected package
modsecurity-crs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
modsecurity-crs | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |