How many CVEs does owasp ModSecurity Core Rule Set have?

owasp ModSecurity Core Rule Set has 4 published CVE records since 2022.

How many owasp ModSecurity Core Rule Set CVEs are in CISA KEV?

None of owasp ModSecurity Core Rule Set's CVEs are currently listed in CISA's Known Exploited Vulnerabilities catalog.

Which versions of owasp ModSecurity Core Rule Set are affected?

6 distinct owasp ModSecurity Core Rule Set versions are named across its CVEs. Use the version filter above to see the CVEs affecting a specific version.

What are the most common weakness types in owasp ModSecurity Core Rule Set CVEs?

owasp ModSecurity Core Rule Set's CVEs most often map to these CWE weakness types: CWE-863 (Incorrect Authorization), CWE-693 (Protection Mechanism Failure).

What is the average severity of owasp ModSecurity Core Rule Set CVEs?

The average CVSS base score across owasp ModSecurity Core Rule Set's scored CVEs is 7.3.

owasp ModSecurity Core Rule Set Vulnerabilities: CVEs, CISA KEV & Security Advisories

Severity and exploitation

How the CVSS severity of owasp ModSecurity Core Rule Set's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical0

High4

Medium0

Low0

In CISA’s Known Exploited Vulnerabilities catalog

None of owasp ModSecurity Core Rule Set's CVEs are currently listed in CISA's KEV catalog.

Public exploits

No owasp ModSecurity Core Rule Set CVEs currently have a tracked public exploit.

Affected versions and CVEs

Browse every owasp ModSecurity Core Rule Set version named in a CVE, then pick one to see only the CVEs that affect it.

Specific versions

3.0.x4 CVEs
3.1.x4 CVEs

Version ranges

<= 3.2.14 CVEs
<= 3.3.24 CVEs

Fixed in

> 3.2.14 CVEs
> 3.3.24 CVEs

Find a version

4 CVEs

Sort

Response body bypass in OWASP ModSecurity Core Rule Set via repeated HTTP Range header submission with a small byte range
CVE-2022-39958
Patch
CWE-863
High · CVSS 7.5
EPSS 0.6% (69th pct)2022-09-20
Response body bypass in OWASP ModSecurity Core Rule Set via a specialy crafted charset in the HTTP Accept header
CVE-2022-39957
Patch
CWE-693
High · CVSS 7.3
EPSS 0.9% (76th pct)2022-09-20
Partial rule set bypass in OWASP ModSecurity Core Rule Set for HTTP multipart requests using character encoding in the Content-Type or Content-Transfer-Encoding header
CVE-2022-39956
Patch
CWE-863
High · CVSS 7.3
EPSS 0.1% (31th pct)2022-09-20
Partial rule set bypass in OWASP ModSecurity Core Rule Set by submitting a specially crafted HTTP Content-Type header
CVE-2022-39955
Patch
CWE-863
High · CVSS 7.3
EPSS 0.8% (74th pct)2022-09-20

Severity and exploitation

Affected versions and CVEs

Specific versions

Version ranges

Fixed in

owasp ModSecurity Core Rule Set Vulnerabilities

Overview

Severity and exploitation

Affected versions and CVEs

Specific versions

Version ranges

Fixed in

Common weakness types

Other owasp products

Frequently asked questions

How many CVEs does owasp ModSecurity Core Rule Set have?

How many owasp ModSecurity Core Rule Set CVEs are in CISA KEV?

Are there public exploits for owasp ModSecurity Core Rule Set vulnerabilities?

Which versions of owasp ModSecurity Core Rule Set are affected?

What are the most common weakness types in owasp ModSecurity Core Rule Set CVEs?

What is the average severity of owasp ModSecurity Core Rule Set CVEs?

References

Track owasp ModSecurity Core Rule Set vulnerabilities