SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2023-38285

Date: (C)2023-07-27 (M)2024-05-22

Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:		CVSS V2 Severity:
CVSS Score : 7.5		CVSS Score :
Exploit Score: 3.9		Exploit Score:
Impact Score: 3.6		Impact Score:

CVSS V3 Metrics:		CVSS V2 Metrics:
Attack Vector: NETWORK		Access Vector:
Attack Complexity: LOW		Access Complexity:
Privileges Required: NONE		Authentication:
User Interaction: NONE		Confidentiality:
Scope: UNCHANGED		Integrity:
Confidentiality: NONE		Availability:
Integrity: NONE
Availability: HIGH

Reference:

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-v3-dos-vulnerability-in-four-transformations-cve-2023-38285/

https://www.trustwave.com/en-us/resources/security-resources/software-updates/end-of-sale-and-trustwave-support-for-modsecurity-web-application-firewall/

oval:org.secpod.oval:def:3301703
oval:org.secpod.oval:def:3302010

© SecPod Technologies