rpm package
suse/apache2-mod_security2&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
pkg:rpm/suse/apache2-mod_security2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-48866 | — | < 2.9.2-150000.3.12.1 | 2.9.2-150000.3.12.1 | Jun 2, 2025 | ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The `sanitiseArg` (and `sanitizeArg` - this is the same | ||
| CVE-2025-47947 | — | < 2.9.2-150000.3.12.1 | 2.9.2-150000.3.12.1 | May 21, 2025 | ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case (in stable released versions): when the payload's content type is `application | ||
| CVE-2023-24021 | — | < 2.9.2-150000.3.9.1 | 2.9.2-150000.3.9.1 | Jan 20, 2023 | Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection. | ||
| CVE-2022-48279 | — | < 2.9.2-150000.3.6.1 | 2.9.2-150000.3.6.1 | Jan 20, 2023 | In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase. |
- CVE-2025-48866Jun 2, 2025affected < 2.9.2-150000.3.12.1fixed 2.9.2-150000.3.12.1
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The `sanitiseArg` (and `sanitizeArg` - this is the same
- CVE-2025-47947May 21, 2025affected < 2.9.2-150000.3.12.1fixed 2.9.2-150000.3.12.1
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case (in stable released versions): when the payload's content type is `application
- CVE-2023-24021Jan 20, 2023affected < 2.9.2-150000.3.9.1fixed 2.9.2-150000.3.9.1
Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection.
- CVE-2022-48279Jan 20, 2023affected < 2.9.2-150000.3.6.1fixed 2.9.2-150000.3.6.1
In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase.