965 matches found
CVE-2025-47947
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json, and there is at...
UBUNTU-CVE-2025-47947
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json, and there is at...
CVE-2025-47947 ModSecurity Has Possible DoS Vulnerability
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json, and there is at...
CVE-2025-47947
CVE-2025-47947 affects ModSecurity up to v2.9.8, where a DoS can occur when the payload is application/json and a sanitiseMatchedBytes action is present. A patch was developed (pull request 3389) and is expected in v2.9.9; no public workarounds are listed. Related advisories confirm denial-of-ser...
CVE-2025-47947 ModSecurity Has Possible DoS Vulnerability
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json, and there is at...
CVE-2025-47947
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json, and there is at...
CVE-2025-47947 ModSecurity Has Possible DoS Vulnerability
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json, and there is at...
ModSecurity Security Vulnerability
ModSecurity is an open source, cross-platform web application firewall (WAF) engine from OWASP ModSecurity Open Source. A security vulnerability exists in ModSecurity version 2.9.8 and earlier that stems from a potential denial of service when processing application/json content types...
PT-2025-22442 · Unknown +6 · Modsecurity +6
Name of the Vulnerable Software and Affected Versions: ModSecurity versions up to and including 2.9.8; modsecurity-apache version 2.9.3-3+deb11u3 and earlier for Debian 11 (bullseye); modsecurity-apache version 2.9.7-1+deb12u1 and earlier for Debian (bookworm). Description: A flaw was found in the mod...
ModSecurity -- possible DoS vulnerability
[email protected] reports: ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content...
ModSecurity -- Possible DoS Vulnerability
[email protected] reports: ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content...
PT-2025-23533 · Unknown +4 · Modsecurity +4
Name of the Vulnerable Software and Affected Versions: ModSecurity versions prior to 2.9.10. Description: The issue is a denial of service vulnerability. It affects the sanitiseArg (and its alias sanitizeArg) action, which is vulnerable to adding an excessive number of arguments, leading to denial o...
BIT-MODSECURITY2-2025-27110 Libmodsecurity3 has possible bypass of encoded HTML entities
Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. A bug that exists only in Libmodsecurity3 version 3.0.13 means that, in 3.0.13, Libmodsecurit...
BIT-MODSECURITY-2025-27110 Libmodsecurity3 has possible bypass of encoded HTML entities
Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. A bug that exists only in Libmodsecurity3 version 3.0.13 means that, in 3.0.13, Libmodsecurit...
Linux Distros Unpatched Vulnerability : CVE-2025-27110
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and...
Linux Distros Unpatched Vulnerability : CVE-2022-39958
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly...
Linux Distros Unpatched Vulnerability : CVE-2022-48279
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is...
Linux Distros Unpatched Vulnerability : CVE-2021-42717
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web serve...
Linux Distros Unpatched Vulnerability : CVE-2024-1019
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3...
Linux Distros Unpatched Vulnerability : CVE-2023-38199
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not detect multiple Content-Type request headers on some platforms. This might allow attacker...