965 matches found
mod_security: ModSecurity Denial of Service Vulnerability
A denial of service flaw was found in ModSecurity. This vulnerability is present in the sanitiseArg/sanitizeArg function can be overloaded with a large number of arguments which will lead to excessive memory usage when processing json values. This may lead to a denial of service in the affected w...
mod_security: ModSecurity Denial of Service Vulnerability
A denial of service flaw was found in ModSecurity. This vulnerability is present in the sanitiseArg/sanitizeArg function can be overloaded with a large number of arguments which will lead to excessive memory usage when processing json values. This may lead to a denial of service in the affected w...
RHEL 9 : mod_security (RHSA-2025:13670)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:13670 advisory. ModSecurity is an open source intrusion detection and prevention engine for web applications. Security Fixes: modsecurity: ModSecurity Denial of...
RHEL 9 : mod_security (RHSA-2025:13716)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:13716 advisory. ModSecurity is an open source intrusion detection and prevention engine for web applications. Security Fixes: modsecurity: ModSecurity Denial of...
Debian: Security Advisory (DLA-4265-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 4265-1] modsecurity-crs security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4265-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk August 08, 2025 https://wiki.debian.org/LTS -...
BIT-MODSECURITY2-2025-54571 ModSecurity's Insufficient Return Value Handling can Lead to XSS and Source Code Disclosure
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we have demonstrate...
BIT-MODSECURITY-2025-54571 ModSecurity's Insufficient Return Value Handling can Lead to XSS and Source Code Disclosure
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we have demonstrate...
Debian dla-4265 : modsecurity-crs - security update
The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4265 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4265-1 [email protected]...
SUSE CVE-2025-54571
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response's Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we have demonstrate...
CVE-2025-54571
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we have demonstrate...
DEBIAN-CVE-2025-54571
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we have demonstrate...
UBUNTU-CVE-2025-54571
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we have demonstrate...
ModSecurity 安全漏洞
ModSecurity is an open source, cross-platform web application firewall WAF engine from OWASP ModSecurity Open Source. A security vulnerability exists in ModSecurity 2.9.11 and earlier versions, which stems from a Content-Type that can override the HTTP response, potentially leading to cross-site...
CVE-2025-54571 ModSecurity's Insufficient Return Value Handling can Lead to XSS and Source Code Disclosure
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we have demonstrate...
CVE-2025-54571
CVE-2025-54571 affects ModSecurity (WAF engine for Apache/IIS/Nginx). In versions 2.9.11 and earlier, an attacker could override the HTTP response Content-Type, enabling issues such as XSS and arbitrary script-source disclosure. The vulnerability is fixed in ModSecurity 2.9.12. Remediation: upgra...
CVE-2025-54571 ModSecurity's Insufficient Return Value Handling can Lead to XSS and Source Code Disclosure
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we have demonstrate...
CVE-2025-54571 ModSecurity's Insufficient Return Value Handling can Lead to XSS and Source Code Disclosure
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we have demonstrate...
CVE-2025-54571
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we have demonstrate...
mod_security: ModSecurity Denial of Service Vulnerability
A denial of service flaw was found in ModSecurity. This vulnerability is present in the sanitiseArg/sanitizeArg function can be overloaded with a large number of arguments which will lead to excessive memory usage when processing json values. This may lead to a denial of service in the affected w...