44 matches found
MiracleLinux 9 : mod_security-2.9.6-2.el9_6 (AXSA:2025-10535:02)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10535:02 advisory. modsecurity: ModSecurity Has Possible DoS Vulnerability CVE-2025-47947 Tenable has extracted the preceding description block directly from the MiracleLinux...
TencentOS Server 4: mod_security (TSSA-2025:0407)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0407 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
CLSA-2025-1762421346 mod_security: Fix of CVE-2025-47947
CVE-2025-47947: fix potential DoS by adding ARGS to the sanitize list only if it's not added yet...
RLSA-2025:8837 Important: mod_security security update
ModSecurity is an open source intrusion detection and prevention engine for web applications. Security Fixes: modsecurity: ModSecurity Has Possible DoS Vulnerability CVE-2025-47947 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
Linux Distros Unpatched Vulnerability : CVE-2025-47947
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable t...
RLSA-2025:8844 Important: mod_security security update
ModSecurity is an open source intrusion detection and prevention engine for web applications. Security Fixes: modsecurity: ModSecurity Has Possible DoS Vulnerability CVE-2025-47947 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
RHEL 9 : mod_security (RHSA-2025:8917)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8917 advisory. ModSecurity is an open source intrusion detection and prevention engine for web applications. Security Fixes: modsecurity: ModSecurity Has Possible D...
RHEL 9 : mod_security (RHSA-2025:8837)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8837 advisory. ModSecurity is an open source intrusion detection and prevention engine for web applications. Security Fixes: modsecurity: ModSecurity Has Possible D...
RHEL 9 : mod_security (RHSA-2025:8922)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8922 advisory. ModSecurity is an open source intrusion detection and prevention engine for web applications. Security Fixes: modsecurity: ModSecurity Has Possible D...
RHEL 8 : mod_security (RHSA-2025:8844)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8844 advisory. ModSecurity is an open source intrusion detection and prevention engine for web applications. Security Fixes: modsecurity: ModSecurity Has Possible D...
SUSE SLES15 / openSUSE 15 Security Update : apache2-mod_security2 (SUSE-SU-2025:02028-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02028-1 advisory. - CVE-2025-47947: Fixed denial of service through sanitiseMatchedBytes bsc1243978. - CVE-2025-48866: Fixed denial of...
openSUSE Security Advisory (SUSE-SU-2025:02028-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2025:02029-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security update for apache2-mod_security2
This update for apache2-modsecurity2 fixes the following issues: CVE-2025-47947: Fixed denial of service through sanitiseMatchedBytes bsc1243978. CVE-2025-48866: Fixed denial of service via excessive number of arguments in sanitiseArg bsc1243976. Patch Instructions: To install this SUSE update us...
SUSE-SU-2025:02052-1 Security update for apache2-mod_security2
This update for apache2-modsecurity2 fixes the following issues: - CVE-2025-47947: Fixed denial of service through sanitiseMatchedBytes bsc1243978. - CVE-2025-48866: Fixed denial of service via excessive number of arguments in sanitiseArg bsc1243976...
SUSE-SU-2025:02029-1 Security update for apache2-mod_security2
This update for apache2-modsecurity2 fixes the following issues: - CVE-2025-47947: Fixed denial of service through sanitiseMatchedBytes bsc1243978. - CVE-2025-48866: Fixed denial of service via excessive number of arguments in sanitiseArg bsc1243976...
SUSE-SU-2025:02028-1 Security update for apache2-mod_security2
This update for apache2-modsecurity2 fixes the following issues: - CVE-2025-47947: Fixed denial of service through sanitiseMatchedBytes bsc1243978. - CVE-2025-48866: Fixed denial of service via excessive number of arguments in sanitiseArg bsc1243976...
Ubuntu: Security Advisory (USN-7567-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 : ModSecurity vulnerabilities (USN-7567-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7567-1 advisory. Simon Studer discovered that ModSecurity incorrectly handled certain JSON...
Important: mod_security
Issue Overview: ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json,...