965 matches found
DEBIAN-CVE-2025-47947
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json, and there is at...
UBUNTU-CVE-2025-47947
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json, and there is at...
CVE-2025-47947 ModSecurity Has Possible DoS Vulnerability
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json, and there is at...
CVE-2025-47947
CVE-2025-47947 affects ModSecurity up to v2.9.8, where a DoS can occur when the payload is application/json and a sanitiseMatchedBytes action is present. A patch was developed (pull request 3389) and is expected in v2.9.9; no public workarounds are listed. Related advisories confirm denial-of-ser...
CVE-2025-47947 ModSecurity Has Possible DoS Vulnerability
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json, and there is at...
CVE-2025-47947
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json, and there is at...
CVE-2025-47947 ModSecurity Has Possible DoS Vulnerability
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json, and there is at...
ModSecurity 安全漏洞
ModSecurity is an open source, cross-platform web application firewall WAF engine from OWASP ModSecurity Open Source. A security vulnerability exists in ModSecurity version 2.9.8 and earlier that stems from a potential denial of service when processing application/json content types...
PT-2025-22442 · Unknown +6 · Modsecurity +6
Name of the Vulnerable Software and Affected Versions: ModSecurity versions up to and including 2.9.8 modsecurity-apache version 2.9.3-3+deb11u3 and earlier for Debian 11 bullseye modsecurity-apache version 2.9.7-1+deb12u1 and earlier for Debian bookworm Description: A flaw was found in the mod...
ModSecurity -- Possible DoS Vulnerability
[email protected] reports: ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content...
ModSecurity -- possible DoS vulnerability
[email protected] reports: ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content...
PT-2025-23533 · Unknown +4 · Modsecurity +4
Name of the Vulnerable Software and Affected Versions: ModSecurity versions prior to 2.9.10 Description: The issue is a denial of service vulnerability. It affects the sanitiseArg and its alias sanitizeArg action, which is vulnerable to adding an excessive number of arguments, leading to denial o...
BIT-MODSECURITY2-2025-27110 Libmodsecurity3 has possible bypass of encoded HTML entities
Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. A bug that exists only in Libmodsecurity3 version 3.0.13 means that, in 3.0.13, Libmodsecurit...
BIT-MODSECURITY-2025-27110 Libmodsecurity3 has possible bypass of encoded HTML entities
Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. A bug that exists only in Libmodsecurity3 version 3.0.13 means that, in 3.0.13, Libmodsecurit...
Linux Distros Unpatched Vulnerability : CVE-2025-27110
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and...
Linux Distros Unpatched Vulnerability : CVE-2023-38285
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity. CVE-2023-38285 Note that Nessus relies on the presence of the package as reporte...
Linux Distros Unpatched Vulnerability : CVE-2022-39957
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional charset...
Linux Distros Unpatched Vulnerability : CVE-2022-39955
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OWASP ModSecurity Core Rule Set CRS is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates...
Linux Distros Unpatched Vulnerability : CVE-2022-39956
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OWASP ModSecurity Core Rule Set CRS is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character...
Linux Distros Unpatched Vulnerability : CVE-2023-24021
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web...