all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

ModSecurity v3: DoS Vulnerability in Four Transformations (CVE-2023-38285)

Add to bookmarks
July 25, 2023, midnight |

SpiderLabs Blog from Trustwave www.trustwave.com

ModSecurity is an open-source Web Application Firewall (WAF) engine maintained by Trustwave. This blog post discusses an issue with four transformation actions that could enable a Denial of Service (DoS) attack by a malicious actor. The issue has been addressed with fixes in v3.0.10. ModSecurity v2 is not affected.

actions actor application attack blog blog post cve denial of service dos enable engine firewall fixes issue malicious modsecurity service transformation trustwave vulnerability waf web web application web application firewall

Visit resource

More from www.trustwave.com / SpiderLabs Blog from Trustwave

The Invisible Battleground: Essentials of EASM 5 days, 22 hours ago | www.trustwave.com
attack attack surface attack surface management cyber +13
EDR – The Multi-Tool of Security Defenses 5 days, 22 hours ago | www.trustwave.com
blog blog posts can cybersecurity +10
Fake Dialog Boxes to Make Malware More Convincing 1 week, 3 days ago | www.trustwave.com
dialog engagement fake loader +7
The Secret Cipher: Modern Data Loss Prevention Solutions 1 week, 5 days ago | www.trustwave.com
automated can cipher data +18
CVE-2024-3400: PAN-OS Command Injection Vulnerability in GlobalProtect Gateway 2 weeks, 1 day ago | www.trustwave.com
alto arbitrary code attacker code +25
CNAPP, CSPM, CIEM, CWPP – Oh My! 2 weeks, 5 days ago | www.trustwave.com
alphabet ciem cnapp cspm +9
Phishing Deception - Suspended Domains Reveal Malicious Payload for Latin American Region 3 weeks, 1 day ago | www.trustwave.com
american attachment campaign deception +12
Zero Trust Essentials 3 weeks, 5 days ago | www.trustwave.com
blog blog posts can cybersecurity +8
Why We Should Probably Stop Visually Verifying Checksums 1 month ago | www.trustwave.com
checksums hello start thanks +2

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Associate Principal Security Engineer

@ Activision Blizzard | Work from Home - CA
View on infosec-jobs.com

Security Engineer- Systems Integration

@ Meta | Bellevue, WA | Menlo Park, CA | New York City
View on infosec-jobs.com

Lead Security Engineer (Digital Forensic and IR Analyst)

@ Blue Yonder | Hyderabad
View on infosec-jobs.com

Senior Principal IAM Engineering Program Manager Cybersecurity

@ Providence | Redmond, WA, United States
View on infosec-jobs.com

Information Security Analyst II or III

@ Entergy | The Woodlands, Texas, United States
View on infosec-jobs.com
View more jobs