50 matches found

OSV
added 2025/06/18 2:49 p.m. · 4 views

BIT-MODSECURITY2-2024-46292

A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter. NOTE: this is disputed by the Supplier because it cannot be reproduced. Also, the product's documentation indicates that it is not guaranteed to be usab...

7.5 CVSS · 5.7 AI score · 0.00785 EPSS
Exploits 0 · References 4
Tenable Nessus
added 2025/06/16 12:0 a.m. · 4 views

TencentOS Server 4: mod_security (TSSA-2024:0265)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0265 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

7.5 CVSS · 7.1 AI score · 0.00906 EPSS
Exploits 0 · References 2
Amazon
added 2025/06/12 12:0 a.m. · 6 views

Important: mod_security

Issue Overview: ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json,...

7.5 CVSS · 7 AI score · 0.0076 EPSS
Exploits 2
OSV
added 2025/06/04 2:48 p.m. · 7 views

BIT-MODSECURITY2-2025-48866 ModSecurity has possible DoS vulnerability in sanitiseArg action

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The sanitiseArg and sanitizeArg - this is the same action but an alias is...

7.5 CVSS · 7.3 AI score · 0.0076 EPSS
Exploits 1 · References 6
OSV
added 2025/06/04 2:47 p.m. · 8 views

BIT-MODSECURITY-2025-48866 ModSecurity has possible DoS vulnerability in sanitiseArg action

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The sanitiseArg and sanitizeArg - this is the same action but an alias is...

7.5 CVSS · 7.3 AI score · 0.0076 EPSS
Exploits 1 · References 6
Cvelist
added 2025/06/02 3:46 p.m. · 14 views

CVE-2025-48866 ModSecurity has possible DoS vulnerability in sanitiseArg action

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The sanitiseArg and sanitizeArg - this is the same action but an alias is...

7.5 CVSS · 0.0076 EPSS
Exploits 1 · References 4
OSV
added 2025/06/02 3:46 p.m. · 6 views

CVE-2025-48866 ModSecurity has possible DoS vulnerability in sanitiseArg action

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The sanitiseArg and sanitizeArg - this is the same action but an alias is...

7.5 CVSS · 7.8 AI score · 0.0076 EPSS
Exploits 1 · References 7
OSV
added 2025/05/26 7:11 a.m. · 6 views

BIT-MODSECURITY2-2025-47947 ModSecurity Has Possible DoS Vulnerability

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json, and there is at...

7.5 CVSS · 6.9 AI score · 0.00586 EPSS
Exploits 1 · References 3
Vulnrichment
added 2025/05/21 10:8 p.m. · 4 views

CVE-2025-47947 ModSecurity Has Possible DoS Vulnerability

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json, and there is at...

7.5 CVSS · 7.4 AI score · 0.00586 EPSS
Exploits 1 · References 2
CVE
added 2025/05/21 10:8 p.m. · 133 views

CVE-2025-47947

CVE-2025-47947 affects ModSecurity up to v2.9.8, where a DoS can occur when the payload is application/json and a sanitiseMatchedBytes action is present. A patch was developed (pull request 3389) and is expected in v2.9.9; no public workarounds are listed. Related advisories confirm denial-of-ser...

7.5 CVSS · 6.8 AI score · 0.00586 EPSS
Exploits 1 · References 2 · Affected Software 1
Positive Technologies
added 2025/05/21 12:0 a.m. · 5 views

PT-2025-22442 · Unknown +6 · Modsecurity +6

Name of the Vulnerable Software and Affected Versions: ModSecurity versions up to and including 2.9.8; modsecurity-apache version 2.9.3-3+deb11u3 and earlier for Debian 11 bullseye; modsecurity-apache version 2.9.7-1+deb12u1 and earlier for Debian bookworm. Description: A flaw was found in the mod...

7.8 CVSS · 7.6 AI score · 0.0076 EPSS
Exploits 2 · References 60
Positive Technologies
added 2025/05/11 12:0 a.m. · 6 views

PT-2025-23533 · Unknown +4 · Modsecurity +4

Name of the Vulnerable Software and Affected Versions: ModSecurity versions prior to 2.9.10. Description: The issue is a denial of service vulnerability. It affects the sanitiseArg and its alias sanitizeArg action, which is vulnerable to adding an excessive number of arguments, leading to denial o...

7.8 CVSS · 7.4 AI score · 0.0076 EPSS
Exploits 2 · References 52
Tenable Nessus
added 2025/03/05 12:0 a.m. · 10 views

Linux Distros Unpatched Vulnerability : CVE-2022-48279

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is...

7.5 CVSS · 7.4 AI score · 0.01169 EPSS
Exploits 0 · References 4
CNNVD
added 2025/02/25 12:0 a.m. · 5 views

ModSecurity Security Vulnerability

ModSecurity is an open source, cross-platform web application firewall (WAF) engine from OWASP ModSecurity Open Source. A security vulnerability exists in ModSecurity version 3.0.13, which stems from an inability to decode encoded HTML entities containing leading zeros...

7.9 CVSS · 8.3 AI score · 0.00443 EPSS
Exploits 1 · References 5
Positive Technologies
added 2024/10/09 12:0 a.m. · 2 views

PT-2024-31947 · Unknown · Modsecurity

Name of the Vulnerable Software and Affected Versions: ModSecurity versions 3.0.12 and earlier. Description: A buffer overflow in ModSecurity allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter. The issue is disputed by the supplier as it cannot b...

7.5 CVSS · 5.2 AI score · 0.00785 EPSS
Exploits 0 · References 20
OSV
added 2024/01/30 4:15 p.m. · 4 views

CVE-2024-1019

ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string...

8.6 CVSS · 8.5 AI score · 0.00682 EPSS
Exploits 0 · References 3
Positive Technologies
added 2024/01/30 12:0 a.m. · 3 views

PT-2024-1513 · Unknown +2 · Libmodsecurity +3

Name of the Vulnerable Software and Affected Versions: ModSecurity / libModSecurity versions 3.0.0 through 3.0.11. Description: The issue is related to a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in...

8.6 CVSS · 8.2 AI score · 0.00682 EPSS
Exploits 0 · References 37
CNNVD
added 2023/04/28 12:0 a.m. · 4 views

ModSecurity Resource Management Error Vulnerability

ModSecurity is an intrusion detection and blocking engine that can be run as a module of the Apache Web Server or as a standalone application to enhance Web application security and protect Web applications from known and unknown attacks. A security vulnerability exists in Trustwave ModSecurity...

7.5 CVSS · 6.3 AI score · 0.00731 EPSS
Exploits 0 · References 3
Positive Technologies
added 2023/04/28 12:0 a.m. · 7 views

PT-2023-22029 · Trustwave · Modsecurity

Name of the Vulnerable Software and Affected Versions: Trustwave ModSecurity versions 3.0.5 through 3.0.8. Description: The issue allows a denial of service, causing worker crash and unresponsiveness. This occurs because some inputs cause a segfault in the Transaction class for certain...

7.5 CVSS · 6.1 AI score · 0.03206 EPSS
Exploits 4 · References 22
Tenable Nessus
added 2023/02/16 12:0 a.m. · 30 views

SUSE SLES15 / openSUSE 15 Security Update : apache2-mod_security2 (SUSE-SU-2023:0431-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:0431-1 advisory. - CVE-2023-24021: Fixed FILES_TMP_CONTENT missing complete content (bsc#1207379). Tenable has extracted the preceding description...

7.5 CVSS · 6.9 AI score · 0.00906 EPSS
Exploits 0 · References 4