Unknown · Owasp-Modsecurity-Crs · CVE-2020-22669
**Name of the Vulnerable Software and Affected Versions**
ModSecurity owasp-modsecurity-crs version 3.2.0
**Description**
The issue allows attackers to bypass ModSecurity WAF protection by using comment characters and variable assignments in SQL syntax, enabling them to carry out SQL injection attacks on web applications.
**Recommendations**
For ModSecurity owasp-modsecurity-crs version 3.2.0, consider updating the rules to improve protection against SQL injection attacks. As a temporary workaround, restrict access to sensitive database operations to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.