Known Vulnerabilities for products from Trustwave

Listed below are 18 of the newest known vulnerabilities associated with the vendor "Trustwave".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.

Known Vulnerabilities

| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-42717 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2021-12-07 | 2022-09-03 |
| CVE-2020-15598 | ** DISPUTED ** Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request. NOTE: The discoverer r... | 7.5 - HIGH | 2020-10-06 | 2023-11-07 |
| CVE-2019-25043 | ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and wo... | 5.3 - MEDIUM | 2021-05-06 | 2021-05-14 |
| CVE-2019-19886 | Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large vo... | 7.5 - HIGH | 2020-01-21 | 2023-11-07 |
| CVE-2018-16384 | A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 ... | 7.5 - HIGH | 2018-09-03 | 2023-01-30 |
| CVE-2018-13065 | ** DISPUTED ** ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. NOTE: a third party has disputed this is... | 6.1 - MEDIUM | 2018-07-03 | 2023-11-07 |
| CVE-2017-18001 | Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device'... | 9.8 - CRITICAL | 2017-12-31 | 2019-10-03 |
| CVE-2014-2727 | The STARTTLS implementation in MailMarshal before 7.2 allows plaintext command injection. | 9.8 - CRITICAL | 2020-02-19 | 2020-02-25 |
| CVE-2013-5705 | apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding wi... | 5 - MEDIUM | 2014-04-15 | 2021-02-12 |
| CVE-2013-2765 | The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL poi... | 5 - MEDIUM | 2013-07-15 | 2021-02-10 |
| CVE-2013-1915 | ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a ... | 7.5 - HIGH | 2013-04-25 | 2021-02-12 |
| CVE-2012-4528 | The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitra... | 5 - MEDIUM | 2012-12-28 | 2021-02-12 |
| CVE-2012-2751 | ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parame... | 4.3 - MEDIUM | 2012-07-22 | 2023-11-07 |
| CVE-2011-1906 | Trustwave WebDefend Enterprise before 5.0 7.01.903-1.4 stores specific user-account credentials in a MySQL database, which ma... | 5 - MEDIUM | 2011-05-05 | 2011-05-31 |
| CVE-2011-0756 | The application server in Trustwave WebDefend Enterprise before 5.0 uses hardcoded console credentials, which makes it easier... | 5 - MEDIUM | 2011-05-05 | 2011-05-31 |
| CVE-2009-5031 | ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to... | 4.3 - MEDIUM | 2012-07-22 | 2021-02-12 |
| CVE-2009-1903 | The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd... | 4.3 - MEDIUM | 2009-06-03 | 2021-02-14 |
| CVE-2009-1902 | The multipart processor in ModSecurity before 2.5.9 allows remote attackers to cause a denial of service (crash) via a multip... | 5 - MEDIUM | 2009-06-03 | 2021-02-12 |

Known software with vulnerabilities from Trustwave

| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Trustwave | Mailmarshal | 7.2 |
| Application | Trustwave | Modsecurity | 2.0.0 |
| Application | Trustwave | Secure Web Gateway | 11.8.0.27 |