Important: Red Hat Security Advisory: mod_security security update

An update for modsecurity is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

RHEL 8 : mod_security (RHSA-2025:8626)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8626 advisory. ModSecurity is an open source intrusion detection and prevention engine for web applications. Security Fixes: modsecurity: ModSecurity Has Possible D...

RHEL 8 : mod_security (RHSA-2025:8627)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8627 advisory. ModSecurity is an open source intrusion detection and prevention engine for web applications. Security Fixes: modsecurity: ModSecurity Has Possible D...

Fedora 41 : mod_security (2025-719f4a7313)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-719f4a7313 advisory. This update includes modsecurity version 2.9.9 which addresses CVE-2025-47947 and includes various bug fixes. See...

RHSA-2025:8605 Red Hat Security Advisory: mod_security security update

Bulletin has no description...

Important: Red Hat Security Advisory: mod_security security update

An update for modsecurity is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update ...

RHEL 8 : mod_security (RHSA-2025:8605)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8605 advisory. ModSecurity is an open source intrusion detection and prevention engine for web applications. Security Fixes: modsecurity: ModSecurity Has Possible D...

Fedora 37 : mod_security / mod_security_crs (2022-1fd73a5285)

The remote Fedora 37 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2022-1fd73a5285 advisory. - version update - security fixes Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

CVE-2024-41801

OpenProject is open source project management software. Prior to version 14.3.0, using a forged HOST header in the default configuration of packaged installations and using the "Login required" setting, an attacker could redirect to a remote host to initiate a phishing attack against an OpenProje...

CVE-2024-41801 OpenProject packaged installation has Open Redirect Vulnerability in Sign-In in default configuration

OpenProject is open source project management software. Prior to version 14.3.0, using a forged HOST header in the default configuration of packaged installations and using the "Login required" setting, an attacker could redirect to a remote host to initiate a phishing attack against an OpenProje...

CVE-2024-41801

OpenProject prior to 14.3.0 is affected by an open redirect/phishing vulnerability caused by accepting forged HOST headers in default packaged installations with the Login required setting. The issue could allow redirection to a remote host when HOST/X-Forwarded-Host headers are not correctly fix...

CVE-2024-41801 OpenProject packaged installation has Open Redirect Vulnerability in Sign-In in default configuration

OpenProject is open source project management software. Prior to version 14.3.0, using a forged HOST header in the default configuration of packaged installations and using the "Login required" setting, an attacker could redirect to a remote host to initiate a phishing attack against an OpenProje...

CVE-2024-41801 OpenProject packaged installation has Open Redirect Vulnerability in Sign-In in default configuration

OpenProject is open source project management software. Prior to version 14.3.0, using a forged HOST header in the default configuration of packaged installations and using the "Login required" setting, an attacker could redirect to a remote host to initiate a phishing attack against an OpenProje...

RHEL 8 : mod_security (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - modsecurity: lacking the complete content in FILESTMPCONTENT leads to web application firewall bypass...

Mageia: Security Advisory (MGASA-2024-0070)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MGASA-2024-0070 Updated apache-mod_security-crs packages fix security vulnerabilities

A SQL injection bypass aka PL1 bypass exists in OWASP ModSecurity Core Rule Set owasp-modsecurity-crs through v3.1.0-rc3 via ab where a is a special function name such as "if" and b is the SQL statement to be executed. CVE-2018-16384 Modsecurity owasp-modsecurity-crs 3.2.0 Paranoia level at PL1 h...

Moderate: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 security update

Red Hat JBoss Core Services Apache HTTP Server 2.4.57 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

Amazon Linux 2 : mod_security (ALAS-2023-2098)

The version of modsecurity installed on the remote host is prior to 2.9.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2098 advisory. In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the...

EulerOS 2.0 SP5 : mod_security (EulerOS-SA-2023-2160)

According to the versions of the modsecurity package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application...

Amazon Linux AMI : mod_security (ALAS-2023-1763)

The version of modsecurity installed on the remote host is prior to 2.8.0-5.28. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1763 advisory. In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web...