OESA-2026-1573 mod_security_crs security update

The base rules are provided for modsecurity by this package. Security Fixes: The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart...

MiracleLinux 9 : mod_security-2.9.6-2.el9_6 (AXSA:2025-10535:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10535:02 advisory. modsecurity: ModSecurity Has Possible DoS Vulnerability CVE-2025-47947 Tenable has extracted the preceding description block directly from the MiracleLinux...

CVE-2022-48279 affecting package mod_security for versions less than 2.9.7-8

CVE-2022-48279 affecting package modsecurity for versions less than 2.9.7-8. An upgraded version of the package is available that resolves this issue...

EUVD-2003-1161

Malware in sbrugna...

Security update for apache2-mod_security2

This update for apache2-modsecurity2 fixes the following issues: CVE-2025-54571: Fixed insufficient return value handling on modsecurity leads to xss and source code disclosure bsc1247674 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

Medium: mod_security

Issue Overview: ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response's Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we...

RHSA-2025:12838 Red Hat Security Advisory: mod_security security update

Bulletin has no description...

Moderate: Red Hat Security Advisory: mod_security security update

An update for modsecurity is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

RockyLinux 8 : mod_security (RLSA-2025:8844)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:8844 advisory. modsecurity: ModSecurity Has Possible DoS Vulnerability CVE-2025-47947 Tenable has extracted the preceding description block directly from the RockyLinux security...

RLSA-2025:8844 Important: mod_security security update

ModSecurity is an open source intrusion detection and prevention engine for web applications. Security Fixes: modsecurity: ModSecurity Has Possible DoS Vulnerability CVE-2025-47947 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

mod_security security update

An update is available for modsecurity. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list ModSecurity is an open source intrusion detection and prevention engine f...

OESA-2025-1754 mod_security security update

Security Fixes: A vulnerability was found in OWASP ModSecurity 2.9.8/2.9.10 and classified as critical.Using CWE to declare the problem leads to CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary...

OPENSUSE-SU-2025:15313-1 apache2-mod_security2-2.9.11-1.1 on GA media

These are all security issues fixed in the apache2-modsecurity2-2.9.11-1.1 package on the GA media of openSUSE Tumbleweed...

RHEL 9 : mod_security (RHSA-2025:8837)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8837 advisory. ModSecurity is an open source intrusion detection and prevention engine for web applications. Security Fixes: modsecurity: ModSecurity Has Possible D...

RHEL 9 : mod_security (RHSA-2025:8922)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8922 advisory. ModSecurity is an open source intrusion detection and prevention engine for web applications. Security Fixes: modsecurity: ModSecurity Has Possible D...

RHEL 8 : mod_security (RHSA-2025:8844)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8844 advisory. ModSecurity is an open source intrusion detection and prevention engine for web applications. Security Fixes: modsecurity: ModSecurity Has Possible D...

RHEL 9 : mod_security (RHSA-2025:8917)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8917 advisory. ModSecurity is an open source intrusion detection and prevention engine for web applications. Security Fixes: modsecurity: ModSecurity Has Possible D...

RHEL 8 : mod_security (RHSA-2025:8674)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8674 advisory. ModSecurity is an open source intrusion detection and prevention engine for web applications. Security Fixes: modsecurity: ModSecurity Has Possible D...

Updated apache-mod_security packages fix security vulnerabilities

ModSecurity Has Possible DoS Vulnerability. CVE-2025-47947 ModSecurity has possible DoS vulnerability in sanitiseArg action. CVE-2025-48866...

Important: mod_security

Issue Overview: ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json,...