Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-27110

Опубликовано: 25 фев. 2025
Источник: debian
EPSS Низкий

Описание

Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. A bug that exists only in Libmodsecurity3 version 3.0.13 means that, in 3.0.13, Libmodsecurity3 can't decode encoded HTML entities if they contains leading zeroes. Version 3.0.14 contains a fix. No known workarounds are available.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
modsecurityfixed3.0.14-1package
modsecuritynot-affectedbookwormpackage
modsecuritynot-affectedbullseyepackage

Примечания

  • https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-42w7-rmv5-4x2j

  • https://github.com/owasp-modsecurity/ModSecurity/issues/3340

  • Fixed by: https://github.com/owasp-modsecurity/ModSecurity/commit/c82e831b6640836eeef6f5418c8482063814dc34 (v3.0.14)

EPSS

Процентиль: 19%
0.0006
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-27110

CVSS3: 7.5
ubuntu
7 месяцев назад

Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. A bug that exists only in Libmodsecurity3 version 3.0.13 means that, in 3.0.13, Libmodsecurity3 can't decode encoded HTML entities if they contains leading zeroes. Version 3.0.14 contains a fix. No known workarounds are available.

redhat логотип

CVE-2025-27110

CVSS3: 8.6
redhat
7 месяцев назад

Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. A bug that exists only in Libmodsecurity3 version 3.0.13 means that, in 3.0.13, Libmodsecurity3 can't decode encoded HTML entities if they contains leading zeroes. Version 3.0.14 contains a fix. No known workarounds are available.

nvd логотип

CVE-2025-27110

CVSS3: 7.5
nvd
7 месяцев назад

Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. A bug that exists only in Libmodsecurity3 version 3.0.13 means that, in 3.0.13, Libmodsecurity3 can't decode encoded HTML entities if they contains leading zeroes. Version 3.0.14 contains a fix. No known workarounds are available.

fstec логотип

BDU:2025-02209

CVSS3: 7.5
fstec
7 месяцев назад

Уязвимость библиотеки Libmodsecurity3 межсетевого экрана для защиты веб-приложений ModSecurity, позволяющая нарушителю обойти существующие ограничения безопасности

EPSS

Процентиль: 19%
0.0006
Низкий