trustwave

Top products

The 15 most recently published vulnerabilities affecting trustwave.

• CVE-2025-47947ModSecurity Has Possible DoS Vulnerability7.5May 21, 2025
• CVE-2025-27110Libmodsecurity3 has possible bypass of encoded HTML entities7.5Feb 25, 2025
• CVE-2024-46292A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter. NOTE: this is disputed by the Supplier because it ...7.5Oct 9, 2024
• CVE-2023-24021Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rul...7.5Jan 20, 2023
• CVE-2022-48279In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be c...7.5Jan 20, 2023
• CVE-2021-42717ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate ...7.5Dec 7, 2021
• CVE-2014-2727The STARTTLS implementation in MailMarshal before 7.2 allows plaintext command injection.9.8Feb 19, 2020
• CVE-2017-18001Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, ...9.8Dec 31, 2017
• CVE-2013-5705apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.5.0Apr 15, 2014
• CVE-2013-2765The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST reques...5.0Jul 15, 2013
• CVE-2013-1915ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entit...7.5Apr 25, 2013
• CVE-2012-4528The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an i...5.0Dec 28, 2012
• CVE-2012-2751ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart...4.3Jul 22, 2012
• CVE-2009-5031ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scr...4.3Jul 22, 2012
• CVE-2011-1906Trustwave WebDefend Enterprise before 5.0 7.01.903-1.4 stores specific user-account credentials in a MySQL database, which makes it easier for remote attackers to read the event collection table vi...5.0May 5, 2011