An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-04-21T01:14:49
Updated: 2024-08-04T22:48:09.171Z
Reserved: 2019-04-20T00:00:00
Link: CVE-2019-11387
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2019-04-21T02:29:00.237
Modified: 2022-04-18T17:13:08.437
Link: CVE-2019-11387
Redhat
No data.