ModSecurity v3 affected by DoS (CVE-2020-15598)

September 15, 2020

Posted by Christian Folini on Sep 15

ModSecurity v3.0.x is affected by a Denial of Service vulnerability due to the
global matching of regular expressions. The combination of a non-anchored
regular expression and the ModSecurity “capture” action can be exploited via a
specially crafted payload.

While ModSecurity v2.x used to quit the execution of a regular expression
after the first match. ModSecurity v3.0.x silently changed the behavior to
global matching. This results in a…

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Patreon

Original Source
Tags: , , , , , , , , ,

You may have missed

gophish

GoPhish Login Page Detected – 34[.]133[.]186[.]252:4444

May 8, 2024
gophish

GoPhish Login Page Detected – 195[.]133[.]13[.]135:4444

May 8, 2024
gophish

GoPhish Login Page Detected – 64[.]227[.]178[.]226:3333

May 8, 2024
gophish

GoPhish Login Page Detected – 51[.]159[.]6[.]180:3333

May 8, 2024
hackerone

HackerOne Bug Bounty Disclosure: member-role-which-doesn-t-have-permission-to-send-message-can-send-by-executing-channel-commands-ramsakal

May 8, 2024