5 matches found
Amazon Linux 2023 : mod_security, mod_security-mlogc (ALAS2023-2025-1139)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1139 advisory. ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. In versions 2.9.8 to before 2.9.11, an empty XML tag can cause a segmentation fault. If...
OESA-2025-1752 mod_security security update
Security Fixes: A vulnerability was found in OWASP ModSecurity 2.9.8/2.9.10 and classified as critical.Using CWE to declare the problem leads to CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary...
apache2-mod_security2-2.9.11-1.1 on GA media (moderate)
apache2-modsecurity2-2.9.11-1.1 on GA media Announcement ID: openSUSE-SU-2025:15313-1 Rating: moderate Cross-References: CVE-2025-52891 CVSS scores: CVE-2025-52891 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-52891 SUSE : 8.2...
CVE-2025-52891
creationtimestamp| type| source ---|---|--- 2025-07-02 15:30:07+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114784351442677607 2025-07-03 07:29:00+00:00| seen| https://bsky.app/profile/undercodenews.bsky.social/post/3lt27egd34h2a 2026-01-21 21:18:16+00:00| seen|...
CVE-2025-52891
ModSecurity (the open source WAF for Apache, IIS and Nginx) is affected in versions 2.9.8 to before 2.9.11. When SecParseXmlIntoArgs is On or OnlyArgs and a request with content-type application/xml contains an empty XML tag (e.g., ), a segmentation fault can occur. This vulnerability is fixed in...