965 matches found
CVE-2021-42717
ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large e.g., 300KB HTTP request can occupy one of the limited NGINX worke...
DEBIAN-CVE-2021-42717
ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large e.g., 300KB HTTP request can occupy one of the limited NGINX worke...
CVE-2021-42717
ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large e.g., 300KB HTTP request can occupy one of the limited NGINX worke...
Design/Logic Flaw
ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large e.g., 300KB HTTP request can occupy one of the limited NGINX worke...
UBUNTU-CVE-2021-42717
ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large e.g., 300KB HTTP request can occupy one of the limited NGINX worke...
CVE-2021-42717
CVE-2021-42717 affects ModSecurity 3.x up to 3.0.5 (and 2.x up to 2.9.4). The flaw: excessive nesting of JSON objects causes severe resource exhaustion (DoS), with small-ish requests (e.g., ~300 KB) able to tie up workers and consume CPU. Mitigations documented across multiple sources include upg...
CVE-2021-42717
ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large e.g., 300KB HTTP request can occupy one of the limited NGINX worke...
CVE-2021-42717
ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large e.g., 300KB HTTP request can occupy one of the limited NGINX worke...
ModSecurity安全漏洞
ModSecurity is an intrusion detection and blocking engine that can be run as a module of the Apache Web Server or as a standalone application to enhance the security of Web applications and protect them from known and unknown attacks. A security vulnerability exists in ModSecurity 3.x through 3.0...
PT-2021-5748 · Unknown +5 · Modsecurity +5
Name of the Vulnerable Software and Affected Versions: ModSecurity versions 2.8.0 through 2.9.4 ModSecurity versions 3.0.0 through 3.0.5 Description: The issue is related to the mishandling of excessively nested JSON objects, which can cause the web server to be unable to service legitimate...
Vulnerability fixed in Ngnix
F5 has fixed a vulnerability in NGINX. The vulnerability makes it possible to perform a denial-of-service attack by sending corrupt json data. The vulnerability is specifically in the JSON parser of the ModSecurity WAF module of NGINX Plus. F5 has made updates available to fix the vulnerability...
ModSecurity 安全漏洞
ModSecurity is an intrusion detection and blocking engine that can be run as a module of the Apache Web Server or as a standalone application to enhance the security of Web applications and protect Web applications from known and unknown attacks. A security vulnerability exists in the NGINX...
CVE-2021-35368
OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname...
DEBIAN-CVE-2021-35368
OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname...
CVE-2021-35368
OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname...
CVE-2021-35368
OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname...
Cross site request forgery (csrf)
OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname...
UBUNTU-CVE-2021-35368
OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname...
CVE-2021-35368
OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname...
CVE-2021-35368
CVE-2021-35368 affects OWASP ModSecurity Core Rule Set (CRS) 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 via a Request Body Bypass caused by a trailing pathname. The issue is validated across multiple advisories: GLSA-202305-25 (Gentoo) instructs upgrading to CRS 3.2.2 or 3.3.3...