Known Vulnerabilities for products from Trustwave
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Trustwave".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-38285 | Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity. | 7.5 - HIGH | 2023-07-26 | 2023-08-02 |
| CVE-2023-28882 | Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because... | 7.5 - HIGH | 2023-04-28 | 2023-05-04 |
| CVE-2023-24021 | Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses ... | 7.5 - HIGH | 2023-01-20 | 2023-11-07 |
| CVE-2022-48279 | In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Ap... | 7.5 - HIGH | 2023-01-20 | 2023-11-07 |
| CVE-2021-42717 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2021-12-07 | 2022-09-03 |
| CVE-2020-15598 | ** DISPUTED ** Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request. NOTE: The discoverer r... | 7.5 - HIGH | 2020-10-06 | 2023-11-07 |
| CVE-2019-25043 | ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and wo... | 5.3 - MEDIUM | 2021-05-06 | 2021-05-14 |
| CVE-2019-19886 | Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large vo... | 7.5 - HIGH | 2020-01-21 | 2023-11-07 |
| CVE-2018-16384 | A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 ... | 7.5 - HIGH | 2018-09-03 | 2023-01-30 |
| CVE-2018-13065 | ** DISPUTED ** ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. NOTE: a third party has disputed this is... | 6.1 - MEDIUM | 2018-07-03 | 2023-11-07 |
| CVE-2017-18001 | Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device'... | 9.8 - CRITICAL | 2017-12-31 | 2019-10-03 |
| CVE-2014-2727 | The STARTTLS implementation in MailMarshal before 7.2 allows plaintext command injection. | 9.8 - CRITICAL | 2020-02-19 | 2020-02-25 |
| CVE-2013-5705 | apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding wi... | 5 - MEDIUM | 2014-04-15 | 2021-02-12 |
| CVE-2013-2765 | The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL poi... | 5 - MEDIUM | 2013-07-15 | 2021-02-10 |
| CVE-2013-1915 | ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a ... | 7.5 - HIGH | 2013-04-25 | 2021-02-12 |
| CVE-2012-4528 | The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitra... | 5 - MEDIUM | 2012-12-28 | 2021-02-12 |
| CVE-2012-2751 | ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parame... | 4.3 - MEDIUM | 2012-07-22 | 2023-11-07 |
| CVE-2011-1906 | Trustwave WebDefend Enterprise before 5.0 7.01.903-1.4 stores specific user-account credentials in a MySQL database, which ma... | 5 - MEDIUM | 2011-05-05 | 2011-05-31 |
| CVE-2011-0756 | The application server in Trustwave WebDefend Enterprise before 5.0 uses hardcoded console credentials, which makes it easier... | 5 - MEDIUM | 2011-05-05 | 2011-05-31 |
| CVE-2009-5031 | ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to... | 4.3 - MEDIUM | 2012-07-22 | 2021-02-12 |
Known software with vulnerabilities from Trustwave
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Trustwave | Mailmarshal | 7.2 |
| Application | Trustwave | Modsecurity | 2.0.0 |
| Application | Trustwave | Secure Web Gateway | 11.8.0.27 |