4 matches found
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: mod_security (UTSA-2025-593903)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-593903 advisory. The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding...
PT-2025-27643 · Unknown · Modsecurity
Name of the Vulnerable Software and Affected Versions: ModSecurity versions 2.9.8 through 2.9.10. Description: The issue occurs when an empty XML tag is encountered, causing a segmentation fault. This happens if SecParseXmlIntoArgs is set to On or OnlyArgs, the request type is application/xml, and...
SUSE CVE-2021-42717
ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy one of the limited NGINX worke...
UBUNTU-CVE-2022-39956
The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and...