19 matches found
mod_security security update
An update is available for modsecurity. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list ModSecurity is an open source intrusion detection and prevention engine f...
Linux Distros Unpatched Vulnerability : CVE-2025-48866
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of servic...
mod_security security update
2.9.6-2.1 - Resolves: RHEL-100102 - CVE-2025-48866 modsecurity: ModSecurity Denial of Service Vulnerability...
RHEL 9 : mod_security (RHSA-2025:12838)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:12838 advisory. ModSecurity is an open source intrusion detection and prevention engine for web applications. Security Fixes: modsecurity: ModSecurity Denial of...
TencentOS Server 4: mod_security (TSSA-2025:0499)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0499 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
SUSE SLES15 / openSUSE 15 Security Update : apache2-mod_security2 (SUSE-SU-2025:02028-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02028-1 advisory. - CVE-2025-47947: Fixed denial of service through sanitiseMatchedBytes bsc1243978. - CVE-2025-48866: Fixed denial of...
SUSE: Security Advisory (SUSE-SU-2025:02029-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Advisory (SUSE-SU-2025:02028-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security update for apache2-mod_security2
This update for apache2-modsecurity2 fixes the following issues: CVE-2025-47947: Fixed denial of service through sanitiseMatchedBytes bsc1243978. CVE-2025-48866: Fixed denial of service via excessive number of arguments in sanitiseArg bsc1243976. Patch Instructions: To install this SUSE update us...
SUSE-SU-2025:02052-1 Security update for apache2-mod_security2
This update for apache2-modsecurity2 fixes the following issues: - CVE-2025-47947: Fixed denial of service through sanitiseMatchedBytes bsc1243978. - CVE-2025-48866: Fixed denial of service via excessive number of arguments in sanitiseArg bsc1243976...
SUSE-SU-2025:02029-1 Security update for apache2-mod_security2
This update for apache2-modsecurity2 fixes the following issues: - CVE-2025-47947: Fixed denial of service through sanitiseMatchedBytes bsc1243978. - CVE-2025-48866: Fixed denial of service via excessive number of arguments in sanitiseArg bsc1243976...
SUSE-SU-2025:02028-1 Security update for apache2-mod_security2
This update for apache2-modsecurity2 fixes the following issues: - CVE-2025-47947: Fixed denial of service through sanitiseMatchedBytes bsc1243978. - CVE-2025-48866: Fixed denial of service via excessive number of arguments in sanitiseArg bsc1243976...
Ubuntu: Security Advisory (USN-7567-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 : ModSecurity vulnerabilities (USN-7567-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7567-1 advisory. Simon Studer discovered that ModSecurity incorrectly handled certain JSON...
Important: mod_security
Issue Overview: ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json,...
CVE-2025-48866
A denial of service flaw was found in ModSecurity. This vulnerability is present in the sanitiseArg/sanitizeArg function can be overloaded with a large number of arguments which will lead to excessive memory usage when processing json values. This may lead to a denial of service in the affected w...
CVE-2025-48866 ModSecurity has possible DoS vulnerability in sanitiseArg action
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The sanitiseArg and sanitizeArg - this is the same action but an alias is...
CVE-2025-48866 ModSecurity has possible DoS vulnerability in sanitiseArg action
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The sanitiseArg and sanitizeArg - this is the same action but an alias is...
CVE-2025-48866
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The sanitiseArg and sanitizeArg - this is the same action but an alias is...