[SECURITY] Fedora 42 Update: mod_security-2.9.9-1.fc42

ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding web applications from attacks...

[SECURITY] Fedora 41 Update: mod_security-2.9.9-1.fc41

ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding web applications from attacks...

FreeBSD : ModSecurity -- possible DoS vulnerability (fa1d42c8-42fe-11f0-a9fa-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the fa1d42c8-42fe-11f0-a9fa-b42e991fc52e advisory. [email protected] reports: ModSecurity is an open source, cross platform web application...

FreeBSD : ModSecurity -- possible DoS vulnerability (ecea70d2-42fe-11f0-a9fa-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ecea70d2-42fe-11f0-a9fa-b42e991fc52e advisory. [email protected] reports: ModSecurity is an open source, cross platform web application...

modsecurity: ModSecurity Has Possible DoS Vulnerability

A flaw was found in the modsecurity2 Apache2 module. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case. In stable released versions, when the payload's content type is application/json, at least one rule performs a sanitiseMatchedBytes action, a security...

BIT-MODSECURITY2-2025-48866 ModSecurity has possible DoS vulnerability in sanitiseArg action

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The sanitiseArg and sanitizeArg - this is the same action but an alias is...

BIT-MODSECURITY-2025-48866 ModSecurity has possible DoS vulnerability in sanitiseArg action

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The sanitiseArg and sanitizeArg - this is the same action but an alias is...

[SECURITY] Fedora 41 Update: libmodsecurity-3.0.14-1.fc41

Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. In general, it provides the capability to load/interpret rules written in the ModSecurity...

[SECURITY] Fedora 42 Update: libmodsecurity-3.0.14-1.fc42

Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. In general, it provides the capability to load/interpret rules written in the ModSecurity...

SUSE CVE-2025-47947

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json, and there is at...

SUSE CVE-2025-48866

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The sanitiseArg and sanitizeArg - this is the same action but an alias is...

CVE-2025-48866

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The sanitiseArg and sanitizeArg - this is the same action but an alias is...

DEBIAN-CVE-2025-48866

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The sanitiseArg and sanitizeArg - this is the same action but an alias is...

AZL-62231 CVE-2025-48866 affecting package mod_security 2.9.7-8

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The sanitiseArg and sanitizeArg - this is the same action but an alias is...

AZL-62229 CVE-2025-48866 affecting package mod_security 2.9.4-1

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The sanitiseArg and sanitizeArg - this is the same action but an alias is...

UBUNTU-CVE-2025-48866

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The sanitiseArg and sanitizeArg - this is the same action but an alias is...

CVE-2025-48866 ModSecurity has possible DoS vulnerability in sanitiseArg action

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The sanitiseArg and sanitizeArg - this is the same action but an alias is...

CVE-2025-48866

ModSecurity (mod_security) WAF engine for Apache/Nginx/IIS is affected by CVE-2025-48866. In ModSecurity versions prior to 2.9.10, the sanitiseArg (and alias sanitizeArg) action can be abused to add an excessive number of arguments, leading to a denial of service. Astra Linux advisories confirm t...

CVE-2025-48866 ModSecurity has possible DoS vulnerability in sanitiseArg action

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The sanitiseArg and sanitizeArg - this is the same action but an alias is...

CVE-2025-48866

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The sanitiseArg and sanitizeArg - this is the same action but an alias is...