Vulnerabilities (CVE)

Filtered by vendor Owasp Subscribe

Filtered by product Owasp Modsecurity Core Rule Set

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2021-35368	3 Debian, Fedoraproject, Owasp	3 Debian Linux, Fedora, Owasp Modsecurity Core Rule Set	2023-08-08	7.5 HIGH	9.8 CRITICAL
OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname.
CVE-2018-16384	1 Owasp	1 Owasp Modsecurity Core Rule Set	2021-05-10	5.0 MEDIUM	7.5 HIGH
A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via {`a`b} where a is a special function name (such as "if") and b is the SQL statement to be executed.