Modsecurity Owasp Modsecurity Core Rule Set vulnerabilities

6 known vulnerabilities affecting modsecurity/owasp_modsecurity_core_rule_set.

Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM5

Vulnerabilities

Page 1 of 1
CVE-2019-13464HIGHCVSS 7.5v3.0.22019-07-09
CVE-2019-13464 [HIGH] CWE-434 CVE-2019-13464: An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) 3.0.2. Use of X.Filename instead of An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) 3.0.2. Use of X.Filename instead of X_Filename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid.
nvd
CVE-2019-11391MEDIUMCVSS 5.3≤ 3.1.02019-04-21
CVE-2019-11391 [MEDIUM] CWE-400 CVE-2019-11391: An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-A An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with $a# at the beginning and nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerabili
nvd
CVE-2019-11387MEDIUMCVSS 5.3≥ 3.0.0, ≤ 3.1.02019-04-21
CVE-2019-11387 [MEDIUM] CWE-400 CVE-2019-11387: An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-942-A An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators.
nvd
CVE-2019-11389MEDIUMCVSS 5.3≤ 3.1.02019-04-21
CVE-2019-11389 [MEDIUM] CWE-400 CVE-2019-11389: An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-A An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with next# at the beginning and nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerabi
nvd
CVE-2019-11390MEDIUMCVSS 5.3≤ 3.1.02019-04-21
CVE-2019-11390 [MEDIUM] CWE-400 CVE-2019-11390: An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-A An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with set_error_handler# at the beginning and nested repetition operators. NOTE: the software maintainer disputes that this i
nvd
CVE-2019-11388MEDIUMCVSS 5.3≤ 3.1.02019-04-21
CVE-2019-11388 [MEDIUM] CWE-400 CVE-2019-11388: An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-932-A An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cann
nvd
Modsecurity Owasp Modsecurity Core Rule Set vulnerabilities | cvebase