CVE-2019-13464

Опубликовано: 09 июл. 2019

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 5

CVSS3: 7.5

Описание

An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) 3.0.2. Use of X.Filename instead of X_Filename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid.

Релиз	Статус	Примечание
bionic	DNE
cosmic	DNE
devel	ignored	vulnerable code is part of the test suite, not production code
disco	ignored	end of life
eoan	ignored	end of life
esm-apps/focal	ignored	vulnerable code is part of the test suite, not production code
esm-apps/jammy	ignored	vulnerable code is part of the test suite, not production code
esm-apps/noble	ignored	vulnerable code is part of the test suite, not production code
esm-infra-legacy/trusty	DNE
focal	ignored	end of standard support, was ignored [vulnerable code is part of the test suite, not production code]

Показывать по

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needed
cosmic	ignored	end of life
devel	not-affected	3.2.0-1
disco	ignored	end of life
eoan	ignored	end of life
esm-apps/bionic	needed
esm-apps/focal	not-affected	3.2.0-1
esm-apps/jammy	not-affected	3.2.0-1
esm-apps/noble	not-affected	3.2.0-1
esm-apps/xenial	not-affected	code not present

Показывать по

Ссылки на источники

EPSS

Процентиль: 61%

0.00419

Низкий

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

CVE-2019-13464

CVSS3: 7.5

nvd

больше 6 лет назад

CVE-2019-13464

CVSS3: 7.5

debian

больше 6 лет назад

An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) 3.0.2 ...

GHSA-9qm4-xr26-w9h5

CVSS3: 7.5

github

больше 3 лет назад

EPSS

Процентиль: 61%

0.00419

Низкий

5 Medium

CVSS2

7.5 High

CVSS3

CVE-2019-13464

Описание

Пакет modsecurity

Пакет modsecurity-crs

Ссылки на источники

Связанные уязвимости