50 matches found
BIT-MODSECURITY2-2024-46292
A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service DoS via a crafted input inserted into the name parameter. NOTE: this is disputed by the Supplier because it cannot be reproduced. Also, the product's documentation indicates that it is not guaranteed to be usab...
TencentOS Server 4: mod_security (TSSA-2024:0265)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0265 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Important: mod_security
Issue Overview: ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json,...
BIT-MODSECURITY2-2025-48866 ModSecurity has possible DoS vulnerability in sanitiseArg action
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The sanitiseArg and sanitizeArg - this is the same action but an alias is...
BIT-MODSECURITY-2025-48866 ModSecurity has possible DoS vulnerability in sanitiseArg action
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The sanitiseArg and sanitizeArg - this is the same action but an alias is...
CVE-2025-48866 ModSecurity has possible DoS vulnerability in sanitiseArg action
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The sanitiseArg and sanitizeArg - this is the same action but an alias is...
CVE-2025-48866 ModSecurity has possible DoS vulnerability in sanitiseArg action
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The sanitiseArg and sanitizeArg - this is the same action but an alias is...
BIT-MODSECURITY2-2025-47947 ModSecurity Has Possible DoS Vulnerability
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json, and there is at...
CVE-2025-47947 ModSecurity Has Possible DoS Vulnerability
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json, and there is at...
CVE-2025-47947
CVE-2025-47947 affects ModSecurity up to v2.9.8, where a DoS can occur when the payload is application/json and a sanitiseMatchedBytes action is present. A patch was developed (pull request 3389) and is expected in v2.9.9; no public workarounds are listed. Related advisories confirm denial-of-ser...
PT-2025-22442 · Unknown +6 · Modsecurity +6
Name of the Vulnerable Software and Affected Versions: ModSecurity versions up to and including 2.9.8 modsecurity-apache version 2.9.3-3+deb11u3 and earlier for Debian 11 bullseye modsecurity-apache version 2.9.7-1+deb12u1 and earlier for Debian bookworm Description: A flaw was found in the mod...
PT-2025-23533 · Unknown +4 · Modsecurity +4
Name of the Vulnerable Software and Affected Versions: ModSecurity versions prior to 2.9.10 Description: The issue is a denial of service vulnerability. It affects the sanitiseArg and its alias sanitizeArg action, which is vulnerable to adding an excessive number of arguments, leading to denial o...
Linux Distros Unpatched Vulnerability : CVE-2022-48279
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is...
ModSecurity 安全漏洞
ModSecurity is an open source, cross-platform web application firewall WAF engine from OWASP ModSecurity Open Source. A security vulnerability exists in ModSecurity version 3.0.13, which stems from an inability to decode encoded HTML entities containing leading zeros...
PT-2024-31947 · Unknown · Modsecurity
Name of the Vulnerable Software and Affected Versions: ModSecurity versions 3.0.12 and earlier Description: A buffer overflow in ModSecurity allows attackers to cause a Denial of Service DoS via a crafted input inserted into the name parameter. The issue is disputed by the supplier as it cannot b...
CVE-2024-1019
ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string...
PT-2024-1513 · Unknown +2 · Libmodsecurity +3
Name of the Vulnerable Software and Affected Versions: ModSecurity / libModSecurity versions 3.0.0 through 3.0.11 Description: The issue is related to a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in...
ModSecurity 资源管理错误漏洞
ModSecurity is an intrusion detection and blocking engine that can be run as a module of the Apache Web Server or as a standalone application to enhance Web application security and protect Web applications from known and unknown attacks. A security vulnerability exists in Trustwave ModSecurity...
PT-2023-22029 · Trustwave · Modsecurity
Name of the Vulnerable Software and Affected Versions: Trustwave ModSecurity versions 3.0.5 through 3.0.8 Description: The issue allows a denial of service, causing worker crash and unresponsiveness. This occurs because some inputs cause a segfault in the Transaction class for certain...
SUSE SLES15 / openSUSE 15 Security Update : apache2-mod_security2 (SUSE-SU-2023:0431-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:0431-1 advisory. - CVE-2023-24021: Fixed FILESTMPCONTENT missing complete content bsc1207379. Tenable has extracted the preceding description...