Known Vulnerabilities for Modsecurity by Trustwave
Listed below are 10 of the newest known vulnerabilities associated with "Modsecurity" by "Trustwave".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-42717 | ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands... | 7.5 - HIGH | 2021-12-07 | 2022-09-03 |
| CVE-2020-15598 | ** DISPUTED ** Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request. NOTE: The discoverer r... | 7.5 - HIGH | 2020-10-06 | 2023-11-07 |
| CVE-2019-25043 | ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and wo... | 5.3 - MEDIUM | 2021-05-06 | 2021-05-14 |
| CVE-2019-19886 | Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large vo... | 7.5 - HIGH | 2020-01-21 | 2023-11-07 |
| CVE-2018-13065 | ** DISPUTED ** ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. NOTE: a third party has disputed this is... | 6.1 - MEDIUM | 2018-07-03 | 2023-11-07 |
| CVE-2013-5705 | apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding wi... | 5 - MEDIUM | 2014-04-15 | 2021-02-12 |
| CVE-2013-2765 | The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL poi... | 5 - MEDIUM | 2013-07-15 | 2021-02-10 |
| CVE-2013-1915 | ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a ... | 7.5 - HIGH | 2013-04-25 | 2021-02-12 |
| CVE-2012-4528 | The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitra... | 5 - MEDIUM | 2012-12-28 | 2021-02-12 |
| CVE-2012-2751 | ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parame... | 4.3 - MEDIUM | 2012-07-22 | 2023-11-07 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Trustwave | Modsecurity | 3.0.4 | All | All | All |
| Application | Trustwave | Modsecurity | 3.0.3 | All | All | All |
| Application | Trustwave | Modsecurity | 3.0.2 | All | All | All |
| Application | Trustwave | Modsecurity | 3.0.1 | All | All | All |
| Application | Trustwave | Modsecurity | 3.0.0 | All | All | All |
| Application | Trustwave | Modsecurity | 2.9.3 | All | All | All |
| Application | Trustwave | Modsecurity | 2.9.2 | All | All | All |
| Application | Trustwave | Modsecurity | 2.9.1 | - | All | All |
| Application | Trustwave | Modsecurity | 2.9.1 | rc1 | All | All |
| Application | Trustwave | Modsecurity | 2.9.0 | - | All | All |
| Application | Trustwave | Modsecurity | 2.9.0 | rc1 | All | All |
| Application | Trustwave | Modsecurity | 2.9.0 | rc2 | All | All |
| Application | Trustwave | Modsecurity | 2.8.0 | - | All | All |
| Application | Trustwave | Modsecurity | 2.8.0 | rc1 | All | All |
| Application | Trustwave | Modsecurity | 2.7.7 | All | All | All |
| Application | Trustwave | Modsecurity | 2.7.6 | All | All | All |
| Application | Trustwave | Modsecurity | 2.7.5 | All | All | All |
| Application | Trustwave | Modsecurity | 2.7.4 | All | All | All |
| Application | Trustwave | Modsecurity | 2.7.3 | All | All | All |
| Application | Trustwave | Modsecurity | 2.7.2 | All | All | All |