Amazon Linux 2023 : mod_security, mod_security-mlogc (ALAS2023-2025-1139)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1139 advisory. ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. In versions 2.9.8 to before 2.9.11, an empty XML tag can cause a segmentation fault. If...

Mandriva Linux Security Advisory : apache-mod_security (MDVSA-2014:081)

Updated apache-modsecurity packages fix security vulnerability : Martin Holst Swende discovered a flaw in the way modsecurity handled chunked requests. A remote attacker could use this flaw to bypass intended modsecurity restrictions, allowing them to send requests containing content that should...

[WAF-FLE v0.6.3] Web application firewall: fast log and event console

WAF-FLE is a OpenSource Console for ModSecurity, it allow the modsec admin to view and search events sent by mlogc modsecurity event log handler. Features : Central event console Support Modsecurity in “traditional” and “Anomaly Scoring” Able to receive events sent from mlogc in real time or in...

Mandriva Linux Security Advisory : apache-mod_security (MDVSA-2013:029)

A vulnerability has been discovered and corrected in apache-modsecurity : ModSecurity = 2.6.8 is vulnerable to multipart/invalid part ruleset bypass, this was fixed in 2.7.0 released on2012-10-16 CVE-2012-4528. The updated packages have been patched to correct this issue. NOTE: This advisory was...