CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-13464

An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) 3.0.2. Use of X.Filename instead of X_Filename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 61.1%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1386
https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/1391
https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1386
https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/1391

Products affected by CVE-2019-13464

Modsecurity » Owasp Modsecurity Core Rule Set » Version: 3.0.2

cpe:2.3:a:modsecurity:owasp_modsecurity_core_rule_set:3.0.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-13464

Products

Pricing

Contact Us