RHEL 9 : mod_security (RHSA-2025:13775)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:13775 advisory. ModSecurity is an open source intrusion detection and prevention engine for web applications. Security Fixes: mod_security: ModSecurity Denial of...
AZL-66087 CVE-2025-54571 affecting package mod_security 2.9.7-8
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we have demonstrate...
AZL-66111 CVE-2025-54571 affecting package mod_security 2.9.4-1
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we have demonstrate...
OESA-2025-1753 mod_security security update
Security Fixes: A vulnerability was found in OWASP ModSecurity 2.9.8/2.9.10 and classified as critical. Using CWE to declare the problem leads to CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary...
apache2-mod_security2-2.9.11-1.1 on GA media (moderate)
apache2-mod_security2-2.9.11-1.1 on GA media. Announcement ID: openSUSE-SU-2025:15313-1. Rating: moderate. Cross-References: CVE-2025-52891. CVSS scores: CVE-2025-52891 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H; CVE-2025-52891 (SUSE): 8.2...
Mageia: Security Advisory (MGASA-2025-0192)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Important: mod_security
Issue Overview: ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json,...
Amazon Linux 2 : mod_security (ALAS-2025-2887)
The version of mod_security installed on the remote host is prior to 2.9.10-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2887 advisory. ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions...
Important: Red Hat Security Advisory: mod_security security update
An update for mod_security is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...
mod_security security update
2.9.6-2 - add fix for CVE-2025-47947 - Resolves: RHEL-93005...
ALSA-2025:8844 Important: mod_security security update
ModSecurity is an open source intrusion detection and prevention engine for web applications. Security Fixes: mod_security: ModSecurity Has Possible DoS Vulnerability (CVE-2025-47947). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
Fedora: Security Advisory (FEDORA-2025-719f4a7313)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Fedora: Security Advisory (FEDORA-2025-7faa0bc6e5)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Fedora 42 : mod_security (2025-7faa0bc6e5)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-7faa0bc6e5 advisory. This update includes modsecurity version 2.9.9 which addresses CVE-2025-47947 and includes various bug fixes. See...
apache2-mod_security2-2.9.10-1.1 on GA media (moderate)
apache2-mod_security2-2.9.10-1.1 on GA media. Announcement ID: openSUSE-SU-2025:15197-1. Rating: moderate. Cross-References: CVE-2025-47947, CVE-2025-48866. CVSS scores: CVE-2025-47947 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H; CVE-2025-47947 (SUSE): 8.7...
AZL-62426 CVE-2025-47947 affecting package mod_security 2.9.7-8
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json, and there is at...
mod_security_crs bug fix and enhancement update
An update is available for mod_security_crs. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Lin...
apache2-mod_security2-2.9.8-2.1 on GA media (moderate)
apache2-mod_security2-2.9.8-2.1 on GA media. Announcement ID: openSUSE-SU-2025:14703-1. Rating: moderate. Cross-References: CVE-2022-48279. CVSS scores: CVE-2022-48279 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N. Affected Products: openSUSE Tumbleweed. An update that solves one vulnerability...
OPENSUSE-SU-2024:10034-1 apache2-mod_security2-2.9.0-5.6 on GA media
These are all security issues fixed in the apache2-mod_security2-2.9.0-5.6 package on the GA media of openSUSE Tumbleweed...
RHEL 7 : mod_security (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass (CVE-2022-48279)...