[Git][security-tracker-team/security-tracker][master] Add CVE-2020-15598/modsecurity

Wed Sep 16 16:06:20 BST 2020


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d54b850d by Salvatore Bonaccorso at 2020-09-16T17:05:55+02:00
Add CVE-2020-15598/modsecurity

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -20648,6 +20648,10 @@ CVE-2020-15599 (Victor CMS through 2019-02-28 allows XSS via the register.php us
 	NOT-FOR-US: Victor CMS
 CVE-2020-15598
 	RESERVED
+	- modsecurity 3.0.4-2
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1879588
+	NOTE: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-regular-expressions-and-disputed-cve-2020-15598/
+	NOTE: https://coreruleset.org/20200914/cve-2020-15598/
 CVE-2020-15597 (SOPlanning 1.46.01 allows persistent XSS via the Project Name, Statute ...)
 	NOT-FOR-US: SOPlanning
 CVE-2020-15596 (The ALPS ALPINE touchpad driver before 8.2206.1717.634, as used on var ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d54b850df52674bd997d00cb4c205372972aca77

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d54b850df52674bd997d00cb4c205372972aca77
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200916/345c146c/attachment.html>
