BugTraq
ModSecurity WAF 3.0 for Nginx - Denial of Service
Mar 22 2018 02:01PM
x ksi (s3810 pjwstk edu pl)
Hey,

TL;DR: UAF in a "non-release" version of ModSecurity for Nginx.
!RCE|DoS, no need to panic.
Plus some old and even older exploitation vector(s).

/*
* 1. Use-After-Free (UAF)
*/

During one of the engagements my team tested a WAF running in production
Nginx + ModSecurity + OWAS...

Copyright 2010, SecurityFocus