Search CVE reports


11 – 14 of 14 results


CVE-2019-11389

Medium priority
Ignored

** DISPUTED ** An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially...

1 affected package

modsecurity-crs

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| modsecurity-crs | Not affected | Not affected | Not affected | Not affected | Not affected |

CVE-2019-11388

Medium priority
Ignored

** DISPUTED ** An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially...

1 affected package

modsecurity-crs

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| modsecurity-crs | Not affected | Not affected | Not affected | Not affected | Not affected |

CVE-2019-11387

Medium priority
Needs evaluation

An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string...

1 affected package

modsecurity-crs

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| modsecurity-crs | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |

CVE-2018-16384

Medium priority
Needs evaluation

A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via {`a`b} where a is a special function name (such as “if”) and b is the SQL statement to be executed.

1 affected package

modsecurity-crs

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| modsecurity-crs | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |