Description
An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators.
| Release | Status | Note |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| cosmic | ignored | end of life |
| devel | not-affected | 3.1.1-1 |
| disco | ignored | end of life |
| eoan | not-affected | 3.1.1-1 |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | not-affected | 3.1.1-1 |
| esm-apps/jammy | not-affected | 3.1.1-1 |
| esm-apps/noble | not-affected | 3.1.1-1 |
| esm-apps/xenial | needs-triage | |
EPSS
CVSS2: 4.3 Medium
CVSS3: 5.3 Medium