965 matches found
mod_security security update
2.9.6-2.1 - Resolves: RHEL-100102 - CVE-2025-48866 modsecurity: ModSecurity Denial of Service Vulnerability...
Oracle Linux 9 : mod_ (ELSA-2025-12838)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-12838 advisory. 2.9.6-2.1 - Resolves: RHEL-100102 - CVE-2025-48866 modsecurity: ModSecurity Denial of Service Vulnerability Tenable has extracted the preceding description blo...
RHEL 9 : mod_security (RHSA-2025:12838)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:12838 advisory. ModSecurity is an open source intrusion detection and prevention engine for web applications. Security Fixes: modsecurity: ModSecurity Denial of...
PT-2025-32001
Name of the Vulnerable Software and Affected Versions ModSecurity versions 2.9.11 and below Description ModSecurity is a web application firewall engine for Apache, IIS, and Nginx. An attacker can override the HTTP response’s Content-Type, potentially leading to issues such as cross-site scriptin...
OESA-2025-1755 mod_security security update
Security Fixes: A vulnerability was found in OWASP ModSecurity 2.9.8/2.9.10 and classified as critical. Using CWE to declare the problem leads to CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary...
OESA-2025-1752 mod_security security update
Security Fixes: A vulnerability was found in OWASP ModSecurity 2.9.8/2.9.10 and classified as critical. Using CWE to declare the problem leads to CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary...
OESA-2025-1751 mod_security security update
Security Fixes: A vulnerability was found in OWASP ModSecurity 2.9.8/2.9.10 and classified as critical. Using CWE to declare the problem leads to CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary...
OESA-2025-1750 mod_security security update
Security Fixes: A vulnerability was found in OWASP ModSecurity up to 2.9.9. It has been declared as critical. The manipulation of the argument sanitiseArg/sanitizeArg with an unknown input leads to an unknown weakness. The CWE definition for the vulnerability is CWE-1050. The product has a loop bod...
FreeBSD : ModSecurity -- empty XML tag causes segmentation fault (c0f3f54c-5bc4-11f0-834f-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c0f3f54c-5bc4-11f0-834f-b42e991fc52e advisory. [email protected] reports: ModSecurity is an open source, cross platform web application...
TencentOS Server 3: mod_security (TSSA-2025:0491)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0491 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
TencentOS Server 4: mod_security (TSSA-2025:0499)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0499 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
BIT-MODSECURITY2-2025-52891 ModSecurity empty XML tag causes segmentation fault
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.8 to before 2.9.11, an empty XML tag can cause a segmentation fault. If SecParseXmlIntoArgs is set to On or OnlyArgs, and the request type is application/xml, and at least...
BIT-MODSECURITY-2025-52891 ModSecurity empty XML tag causes segmentation fault
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.8 to before 2.9.11, an empty XML tag can cause a segmentation fault. If SecParseXmlIntoArgs is set to On or OnlyArgs, and the request type is application/xml, and at least...
SUSE CVE-2025-52891
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.8 to before 2.9.11, an empty XML tag can cause a segmentation fault. If SecParseXmlIntoArgs is set to On or OnlyArgs, and the request type is application/xml, and at least...
CVE-2025-52891
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.8 to before 2.9.11, an empty XML tag can cause a segmentation fault. If SecParseXmlIntoArgs is set to On or OnlyArgs, and the request type is application/xml, and at least...
DEBIAN-CVE-2025-52891
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.8 to before 2.9.11, an empty XML tag can cause a segmentation fault. If SecParseXmlIntoArgs is set to On or OnlyArgs, and the request type is application/xml, and at least...
UBUNTU-CVE-2025-52891
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.8 to before 2.9.11, an empty XML tag can cause a segmentation fault. If SecParseXmlIntoArgs is set to On or OnlyArgs, and the request type is application/xml, and at least...
CVE-2025-52891 ModSecurity empty XML tag causes segmentation fault
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.8 to before 2.9.11, an empty XML tag can cause a segmentation fault. If SecParseXmlIntoArgs is set to On or OnlyArgs, and the request type is application/xml, and at least...
CVE-2025-52891
ModSecurity (the open source WAF for Apache, IIS and Nginx) is affected in versions 2.9.8 to before 2.9.11. When SecParseXmlIntoArgs is On or OnlyArgs and a request with content-type application/xml contains an empty XML tag (e.g., ), a segmentation fault can occur. This vulnerability is fixed in...