Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Libmodsecurity3 has possible bypass of encoded HTML entities
Vulnerability Description
Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. A bug that exists only in Libmodsecurity3 version 3.0.13 means that, in 3.0.13, Libmodsecurity3 can't decode encoded HTML entities if they contains leading zeroes. Version 3.0.14 contains a fix. No known workarounds are available.
CVSS Information
N/A
Vulnerability Type
编码错误
Vulnerability Title
ModSecurity 安全漏洞
Vulnerability Description
ModSecurity是OWASP ModSecurity开源的一个开源、跨平台的web应用程序防火墙(WAF)引擎。 ModSecurity 3.0.13版本存在安全漏洞,该漏洞源于无法解码包含前导零的编码HTML实体。
CVSS Information
N/A
Vulnerability Type
N/A