Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2025:12838

Опубликовано: 04 окт. 2025
Источник: rocky
Оценка: Moderate

Описание

Moderate: mod_security security update

ModSecurity is an open source intrusion detection and prevention engine for web applications.

Security Fix(es):

  • mod_security: ModSecurity Denial of Service Vulnerability (CVE-2025-48866)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 9

НаименованиеАрхитектураРелизRPM
mod_securityx86_642.el9_6.1mod_security-2.9.6-2.el9_6.1.x86_64.rpm
mod_security-mlogcx86_642.el9_6.1mod_security-mlogc-2.9.6-2.el9_6.1.x86_64.rpm

Показывать по

Связанные CVE

CVE-2025-48866

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2025-48866

CVSS3: 7.5
ubuntu
8 месяцев назад

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The `sanitiseArg` (and `sanitizeArg` - this is the same action but an alias) is vulnerable to adding an excessive number of arguments, thereby leading to denial of service. Version 2.9.10 fixes the issue. As a workaround, avoid using rules that contain the `sanitiseArg` (or `sanitizeArg`) action.

redhat логотип

CVE-2025-48866

CVSS3: 5.9
redhat
8 месяцев назад

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The `sanitiseArg` (and `sanitizeArg` - this is the same action but an alias) is vulnerable to adding an excessive number of arguments, thereby leading to denial of service. Version 2.9.10 fixes the issue. As a workaround, avoid using rules that contain the `sanitiseArg` (or `sanitizeArg`) action.

nvd логотип

CVE-2025-48866

CVSS3: 7.5
nvd
8 месяцев назад

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The `sanitiseArg` (and `sanitizeArg` - this is the same action but an alias) is vulnerable to adding an excessive number of arguments, thereby leading to denial of service. Version 2.9.10 fixes the issue. As a workaround, avoid using rules that contain the `sanitiseArg` (or `sanitizeArg`) action.

debian логотип

CVE-2025-48866

CVSS3: 7.5
debian
8 месяцев назад

ModSecurity is an open source, cross platform web application firewall ...

oracle-oval логотип

ELSA-2025-12838

oracle-oval
6 месяцев назад

ELSA-2025-12838: mod_security security update (MODERATE)