ModSecurity

CVE-2020-15598 – ModSecurity v3 Affected By DoS (Severity HIGH)

The OWASP ModSecurity Core Rule Set (CRS) team has identified a Denial of Service vulnerability in the underlying ModSecurity engine. This affects all releases in the ModSecurity v3 release line. The vendor Trustwave Spiderlabs did not release an update yet. However, we are providing users with a patch for ModSecurity and a workaround if they …

CVE-2020-15598 – ModSecurity v3 Affected By DoS (Severity HIGH) Read More »

CVE-2019-19886 – HIGH – DoS against libModSecurity 3

The ModSecurity 3.0.x release line suffers from a Denial of Service vulnerability after triggering a segmentation fault on the webserver when parsing a malformed cookie header. All users of ModSecurity 3.0.0 – 3.0.3 should update to ModSecurity 3.0.4 as soon as possible. ModSecurity 2.x is not affected. The CVSS score for the vulnerability is 7.5 …

CVE-2019-19886 – HIGH – DoS against libModSecurity 3 Read More »

Core Rule Set Project Won a German OSBAR Award!

The OWASP ModSecurity Core Rule Set Project is very excited about winning one of the OSBAR awards of the German Open Source Business Alliance. The prize is awarded to projects, start-ups and outstanding ideas from the open source environment. The increased attention should make it easier for the award winners to attract users, developers and …

Core Rule Set Project Won a German OSBAR Award! Read More »