CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-13464
https://notcve.org/view.php?id=CVE-2019-13464
09 Jul 2019 — An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) 3.0.2. Use of X.Filename instead of X_Filename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid. Se detectó un problema en OWASP ModSecurity Core Rule Set (CRS) versión 3.0.2. El uso de X.Filename en lugar de X_Filename puede omitir algunas reglas de PHP Script Uploads, porque PHP transforma automáticamente los puntos en guiones bajos en determinados... • https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1386 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2019-11391
https://notcve.org/view.php?id=CVE-2019-11391
21 Apr 2019 — An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with $a# at the beginning and nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity ** EN DISPUTA ** Se detecto un problema en OWASP ModSecurity Core Rule Set (CRS) versión 3.1.0. El archi... • https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1357 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2019-11390
https://notcve.org/view.php?id=CVE-2019-11390
21 Apr 2019 — An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with set_error_handler# at the beginning and nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity ** EN DISPUTA ** Un problema fue descubierto en OWASP ModSecurity Core Rule Set (CRS) ver... • https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1358 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2019-11389
https://notcve.org/view.php?id=CVE-2019-11389
21 Apr 2019 — An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with next# at the beginning and nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity **EN DISPUTA ** Se detecto un problema en OWASP ModSecurity Core Rule Set (CRS) versión 3.1.0. El arch... • https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1356 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2019-11388
https://notcve.org/view.php?id=CVE-2019-11388
21 Apr 2019 — An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity ** EN DISPUTA ** Un problema fue descubierto en OWASP ModSecurity Core Rule Set (CRS) versión 3.1.0. El fichero /rules/REQUEST-93... • https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1354 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-11387
https://notcve.org/view.php?id=CVE-2019-11387
21 Apr 2019 — An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators. Un problema fue descubierto en OWASP ModSecurity Core Rule Set (CRS) versión 3.1.0. El fichero /rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf permite a los atacantes remotos provocar una denegación de servicio (ReDOS) introduciendo una cadena especi... • https://coreruleset.org/20190627/announcement-owasp-modsecurity-core-rule-set-version-3-1-1 • CWE-400: Uncontrolled Resource Consumption •