Lucene search
K

19 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.11 views

Astra Linux – Vulnerability in ModSecurity-Apache

ModSecurity is an open-source, cross-platform Web application firewall WAF engine for Apache, IIS, and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in a specific scenario: when the payload’s content type is application/json, and there is at least one rule that...

7.5CVSS7.3AI score0.00586EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.3 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: mod_security (UTSA-2025-180756)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-180756 advisory. ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to...

7.5CVSS7.5AI score0.00586EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2025/08/14 1:51 p.m.5 views

modsecurity: ModSecurity Has Possible DoS Vulnerability

A flaw was found in the modsecurity2 Apache2 module. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case. In stable released versions, when the payload's content type is application/json, at least one rule performs a sanitiseMatchedBytes action, a security...

7.5CVSS5.7AI score0.00586EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2025/08/14 1:43 p.m.2 views

modsecurity: ModSecurity Has Possible DoS Vulnerability

A flaw was found in the modsecurity2 Apache2 module. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case. In stable released versions, when the payload's content type is application/json, at least one rule performs a sanitiseMatchedBytes action, a security...

7.5CVSS5.7AI score0.00586EPSS
Exploits1References6
SUSE Linux
SUSE Linux
added 2025/06/20 1:5 p.m.4 views

Security update for apache2-mod_security2

This update for apache2-modsecurity2 fixes the following issues: CVE-2025-47947: Fixed denial of service through sanitiseMatchedBytes bsc1243978. CVE-2025-48866: Fixed denial of service via excessive number of arguments in sanitiseArg bsc1243976. Patch Instructions: To install this SUSE update us...

8.7CVSS7.3AI score0.0076EPSS
Exploits2References8
SUSE Linux
SUSE Linux
added 2025/06/19 3:17 p.m.2 views

Security update for apache2-mod_security2

This update for apache2-modsecurity2 fixes the following issues: CVE-2025-47947: Fixed denial of service through sanitiseMatchedBytes bsc1243978. CVE-2025-48866: Fixed denial of service via excessive number of arguments in sanitiseArg bsc1243976. Patch Instructions: To install this SUSE update us...

8.7CVSS7.3AI score0.0076EPSS
Exploits2References8
SUSE Linux
SUSE Linux
added 2025/06/19 3:17 p.m.2 views

Security update for apache2-mod_security2

This update for apache2-modsecurity2 fixes the following issues: CVE-2025-47947: Fixed denial of service through sanitiseMatchedBytes bsc1243978. CVE-2025-48866: Fixed denial of service via excessive number of arguments in sanitiseArg bsc1243976. Patch Instructions: To install this SUSE update us...

8.7CVSS7.8AI score0.0076EPSS
Exploits2References8
RedHat Linux
RedHat Linux
added 2025/06/11 9:36 p.m.6 views

modsecurity: ModSecurity Has Possible DoS Vulnerability

A flaw was found in the modsecurity2 Apache2 module. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case. In stable released versions, when the payload's content type is application/json, at least one rule performs a sanitiseMatchedBytes action, a security...

7.5CVSS5.7AI score0.00586EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2025/06/11 4:1 p.m.5 views

modsecurity: ModSecurity Has Possible DoS Vulnerability

A flaw was found in the modsecurity2 Apache2 module. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case. In stable released versions, when the payload's content type is application/json, at least one rule performs a sanitiseMatchedBytes action, a security...

7.5CVSS5.7AI score0.00586EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2025/06/11 10:57 a.m.9 views

modsecurity: ModSecurity Has Possible DoS Vulnerability

A flaw was found in the modsecurity2 Apache2 module. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case. In stable released versions, when the payload's content type is application/json, at least one rule performs a sanitiseMatchedBytes action, a security...

7.5CVSS5.7AI score0.00586EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2025/06/11 10:54 a.m.4 views

modsecurity: ModSecurity Has Possible DoS Vulnerability

A flaw was found in the modsecurity2 Apache2 module. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case. In stable released versions, when the payload's content type is application/json, at least one rule performs a sanitiseMatchedBytes action, a security...

7.5CVSS5.7AI score0.00586EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2025/06/09 1:54 p.m.5 views

modsecurity: ModSecurity Has Possible DoS Vulnerability

A flaw was found in the modsecurity2 Apache2 module. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case. In stable released versions, when the payload's content type is application/json, at least one rule performs a sanitiseMatchedBytes action, a security...

7.5CVSS5.7AI score0.00586EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2025/06/05 4:9 p.m.5 views

modsecurity: ModSecurity Has Possible DoS Vulnerability

A flaw was found in the modsecurity2 Apache2 module. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case. In stable released versions, when the payload's content type is application/json, at least one rule performs a sanitiseMatchedBytes action, a security...

7.5CVSS5.7AI score0.00586EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2025/06/03 2:39 a.m.3 views

SUSE CVE-2025-47947

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json, and there is at...

7.5CVSS6.7AI score0.00586EPSS
Exploits1References9
OSV
OSV
added 2025/05/30 1:48 p.m.5 views

OESA-2025-1562 mod_security security update

This software is also called Modsec,it is an open-source web application firewall. It is designed for Apache HTTP Server.ModSecurity is commonly deployed to provide protections against generic classed of vulnerabilities.The install of this package is easy and you can read the README.TXT for more...

7.5CVSS6.6AI score0.00586EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2025/05/30 12:0 a.m.5 views

The vulnerability of the sanitiseMatchedBytes configuration of the firewall for protecting web applications, ModSecurity, allows attackers to trigger a denial-of-service attack.

The vulnerability of the sanitiseMatchedBytes configuration on the network interface for protecting web applications with ModSecurity is related to excessive resource consumption during the cycle. Exploiting this vulnerability can allow an attacker to cause service interruptions...

7.8CVSS7.5AI score0.00586EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2025/05/21 10:15 p.m.4 views

AZL-62426 CVE-2025-47947 affecting package mod_security 2.9.7-8

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json, and there is at...

7.5CVSS6.8AI score0.00586EPSS
Exploits1References1
OSV
OSV
added 2025/05/21 10:15 p.m.3 views

DEBIAN-CVE-2025-47947

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json, and there is at...

7.5CVSS7.7AI score0.00586EPSS
Exploits1References1
OSV
OSV
added 2025/05/21 10:15 p.m.4 views

UBUNTU-CVE-2025-47947

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json, and there is at...

7.5CVSS7AI score0.00586EPSS
Exploits1References6
Rows per page
Query Builder