NGINX Open Source configured to proxy HTTP/2 traffic with proxy_http_version set to 2 combined with proxy_set_body allows remote unauthenticated attackers to inject frame headers and payload bytes to upstream peers, enabling potential header injection or request manipulation attacks. The vulnerability affects default configurations without requiring authentication or user interaction, with CVSS 5.8 indicating moderate integrity impact across networked systems. No public exploit code or active exploitation has been confirmed at this time.
Libmodsecurity is one component of the ModSecurity v3 project. Rated high severity (CVSS 7.9), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. Public exploit code is available and no vendor patch is available.