CVE-2025-48866 ModSecurity has possible DoS vulnerability in sanitiseArg action

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The sanitiseArg and sanitizeArg - this is the same action but an alias is...

ModSecurity 安全漏洞

ModSecurity is an open source, cross-platform web application firewall WAF engine from OWASP ModSecurity Open Source. A security vulnerability exists in ModSecurity versions prior to 2.9.10, which stems from a sanitiseArg operation that may add too many parameters, potentially resulting in a deni...

ModSecurity -- possible DoS vulnerability

[email protected] reports: ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The sanitiseArg and sanitizeArg -...

FreeBSD : ModSecurity -- Possible DoS Vulnerability (a372abb0-3d3c-11f0-86e7-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a372abb0-3d3c-11f0-86e7-b42e991fc52e advisory. [email protected] reports: ModSecurity is an open source, cross platform web application...

OESA-2025-1562 mod_security security update

This software is also called Modsec,it is an open-source web application firewall. It is designed for Apache HTTP Server.ModSecurity is commonly deployed to provide protections against generic classed of vulnerabilities.The install of this package is easy and you can read the README.TXT for more...

OESA-2025-1560 mod_security security update

This software is also called Modsec,it is an open-source web application firewall. It is designed for Apache HTTP Server.ModSecurity is commonly deployed to provide protections against generic classed of vulnerabilities.The install of this package is easy and you can read the README.TXT for more...

OESA-2025-1559 mod_security security update

This software is also called Modsec,it is an open-source web application firewall. It is designed for Apache HTTP Server.ModSecurity is commonly deployed to provide protections against generic classed of vulnerabilities.The install of this package is easy and you can read the README.TXT for more...

The vulnerability of the sanitiseMatchedBytes configuration of the firewall for protecting web applications, ModSecurity, allows attackers to trigger a denial-of-service attack.

The vulnerability of the sanitiseMatchedBytes configuration on the network interface for protecting web applications with ModSecurity is related to excessive resource consumption during the cycle. Exploiting this vulnerability can allow an attacker to cause service interruptions...

Debian: Security Advisory (DLA-4192-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 4192-1] modsecurity-apache security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4192-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk May 29, 2025 https://wiki.debian.org/LTS -...

DLA-4192-1 modsecurity-apache - security update

Bulletin has no description...

Debian dla-4192 : libapache2-mod-security2 - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4192 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4192-1 [email protected] https://www.debian.org/lts/security/...

BIT-MODSECURITY2-2025-47947 ModSecurity Has Possible DoS Vulnerability

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json, and there is at...

BIT-MODSECURITY-2025-47947 ModSecurity Has Possible DoS Vulnerability

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json, and there is at...

CVE-2023-38199

coreruleset aka OWASP ModSecurity Core Rule Set through 3.3.4 does not detect multiple Content-Type request headers on some platforms. This might allow attackers to bypass a WAF with a crafted payload, aka "Content-Type confusion" between the WAF and the backend application. This occurs when the...

CVE-2020-22669

Modsecurity owasp-modsecurity-crs 3.2.0 Paranoia level at PL1 has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications...

CVE-2019-11391

An issue was discovered in OWASP ModSecurity Core Rule Set CRS through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service ReDOS by entering a specially crafted string with $a at the beginning and nested repetition operators. NOTE: the softwa...

CVE-2019-11387

An issue was discovered in OWASP ModSecurity Core Rule Set CRS through 3.1.0. /rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf allows remote attackers to cause a denial of service ReDOS by entering a specially crafted string with nested repetition operators...

CVE-2019-13464

An issue was discovered in OWASP ModSecurity Core Rule Set CRS 3.0.2. Use of X.Filename instead of XFilename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid...

DEBIAN-CVE-2025-47947

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json, and there is at...