openSUSE Security Advisory (SUSE-SU-2025:03422-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES12 Security Update : apache2-mod_security2 (SUSE-SU-2025:03423-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2025:03423-1 advisory. - CVE-2025-54571: Fixed insufficient return value handling on modsecurity leads to xss and source code disclosure bsc1247674 Tenable has extracted the...

SUSE-SU-2025:03422-1 Security update for apache2-mod_security2

This update for apache2-modsecurity2 fixes the following issues: - CVE-2025-54571: Fixed insufficient return value handling on modsecurity leads to xss and source code disclosure bsc1247674...

[SECURITY] [DLA 4294-1] modsecurity-apache security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4294-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk September 07, 2025 https://wiki.debian.org/LTS -...

OESA-2025-2016 mod_security security update

Security Fixes: ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we...

OESA-2025-2013 mod_security security update

Security Fixes: ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we...

OESA-2025-2014 mod_security security update

Security Fixes: ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we...

OESA-2025-2012 mod_security security update

Security Fixes: ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we...

SUSE CVE-2025-54571

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response's Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we have demonstrate...

CVE-2025-54571

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we have demonstrate...

CVE-2025-54571

CVE-2025-54571 affects ModSecurity (WAF engine for Apache/IIS/Nginx). In versions 2.9.11 and earlier, an attacker could override the HTTP response Content-Type, enabling issues such as XSS and arbitrary script-source disclosure. The vulnerability is fixed in ModSecurity 2.9.12. Remediation: upgra...