CVE-2019-11391

 

Published at: - 21-04-2019 04:29

Last modified: - 30-03-2022 08:42

Total changes: - 3

Description

** DISPUTED ** An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with $a# at the beginning and nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

 

Verification logic

 

Reference

• https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1357
• https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1372

 

Keywords

NVD

 

CVE-2019-11391

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures