*Note: Email address will appear as "user domain ext" to prevent harvesting.
ModSecurity WAF 3.0 for Nginx - Denial of Service
Mar 22 2018 02:01PM
x ksi (s3810 pjwstk edu pl)
TL;DR: UAF in a "non-release" version of ModSecurity for Nginx.
!RCE|DoS, no need to panic.
Plus some old and even older exploitation vector(s).
* 1. Use-After-Free (UAF)
During one of the engagements my team tested a WAF running in production
Nginx + ModSecurity + OWAS...
Copyright 2010, SecurityFocus