FreeBSD : modsecurity3 -- multiple vulnerabilities (3c02dcfd-47d7-11f1-99fb-3497f65b111b)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 3c02dcfd-47d7-11f1-99fb-3497f65b111b advisory. ModSecurity is an open source web application firewall engine. According to the upstream...
OESA-2026-1108 mod_security_crs security update
The base rules are provided for modsecurity by this package. Security Fixes: The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart...
OESA-2026-1106 mod_security_crs security update
The base rules are provided for modsecurity by this package. Security Fixes: The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart...
OESA-2026-1104 mod_security_crs security update
The base rules are provided for modsecurity by this package. Security Fixes: The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart...
MiracleLinux 8 : mod_security-2.9.6-2.el8_10 (AXSA:2025-10011:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10011:01 advisory. modsecurity: ModSecurity Has Possible DoS Vulnerability CVE-2025-47947 Tenable has extracted the preceding description block directly from the MiracleLinux...
MiracleLinux 9 : mod_security-2.9.6-2.el9_6.1 (AXSA:2025-10705:03)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10705:03 advisory. modsecurity: ModSecurity Denial of Service Vulnerability CVE-2025-48866 Tenable has extracted the preceding description block directly from the MiracleLinux...
CLSA-2025-1762421346 mod_security: Fix of CVE-2025-47947
CVE-2025-47947: fix potential DoS by adding ARGS to the sanitize list only if it's not added yet...
CVE-2021-42717 affecting package mod_security for versions less than 2.9.7-8
CVE-2021-42717 affecting package modsecurity for versions less than 2.9.7-8. An upgraded version of the package is available that resolves this issue...
CVE-2023-24021 affecting package mod_security for versions less than 2.9.7-8
CVE-2023-24021 affecting package modsecurity for versions less than 2.9.7-8. An upgraded version of the package is available that resolves this issue...
SUSE SLES15 / openSUSE 15 Security Update : apache2-mod_security2 (SUSE-SU-2025:03422-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:03422-1 advisory. - CVE-2025-54571: Fixed insufficient return value handling on modsecurity leads to xss and source code disclosure bsc1247674...
Medium: mod_security
Issue Overview: ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response's Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we...
Amazon Linux 2 : mod_security, --advisory ALAS2-2025-2981 (ALAS-2025-2981)
The version of modsecurity installed on the remote host is prior to 2.9.12-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2981 advisory. ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. In versions 2.9.1...
httpd: HTTP Session Hijack via a TLS upgrade
An HTTP session hijacking flaw was found in Apache httpd. In some mod_ssl configurations on Apache HTTP Server, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade...
apache2-mod_security2-2.9.12-1.1 on GA media (moderate)
apache2-mod_security2-2.9.12-1.1 on GA media Announcement ID: openSUSE-SU-2025:15457-1 Rating: moderate Cross-References: CVE-2025-54571 CVSS scores: CVE-2025-54571 SUSE : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2025-54571 SUSE : 6.9...
Medium: mod_security
Issue Overview: ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. In versions 2.9.8 to before 2.9.11, an empty XML tag can cause a segmentation fault. If SecParseXmlIntoArgs is set to On or OnlyArgs, and the request type is application/xm...
OESA-2025-2015 mod_security security update
Security Fixes: ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we...
RHSA-2025:13716 Red Hat Security Advisory: mod_security security update
Bulletin has no description...
RHSA-2025:13775 Red Hat Security Advisory: mod_security security update
Bulletin has no description...
RHSA-2025:13670 Red Hat Security Advisory: mod_security security update
Bulletin has no description...
Moderate: Red Hat Security Advisory: mod_security security update
An update for modsecurity is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...