mod_security-2.9.6-2.el9_6

Errata ID: AXSA:2025-10535:02

Release date: 
Tuesday, July 22, 2025 - 15:45
Subject: 
mod_security-2.9.6-2.el9_6
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

ModSecurity is an open source intrusion detection and prevention engine for web applications.

Security Fix(es):

* modsecurity: ModSecurity Has Possible DoS Vulnerability (CVE-2025-47947)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-47947
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case (in stable released versions): when the payload's content type is `application/json`, and there is at least one rule which does a `sanitiseMatchedBytes` action. A patch is available at pull request 3389 and expected to be part of version 2.9.9. No known workarounds are available.
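To gauge exposure while the update is being rolled out, the following added example (not part of this advisory or of the ModSecurity project) scans rule text for rules that use the `sanitiseMatchedBytes` action named above. The function names and the sample rules are constructed for illustration. Matching the `sanitize` spelling and ignoring case are assumptions made so the scan over-reports rather than misses.

```python
import re

# Action named in the advisory. The "z" spelling and the case-insensitive
# match are assumptions, chosen so the scan over-reports rather than misses.
ACTION = re.compile(r"\bsaniti[sz]eMatchedBytes\b", re.IGNORECASE)
# Directives that carry an action list.
DIRECTIVE = re.compile(r"^\s*(SecRule|SecAction)\b", re.IGNORECASE)

def logical_lines(text):
    """Yield (first_line_no, joined_text), folding trailing-backslash continuations."""
    buf, start = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = no
        stripped = raw.rstrip()
        if stripped.endswith("\\"):
            buf.append(stripped[:-1])
            continue
        buf.append(stripped)
        yield start, " ".join(part.strip() for part in buf)
        buf, start = [], None
    if buf:  # file ended in the middle of a continued line
        yield start, " ".join(part.strip() for part in buf)

def find_sanitise_rules(text):
    """Return [(line_no, rule_id or None)] for rules that use the action."""
    hits = []
    for no, line in logical_lines(text):
        if line.lstrip().startswith("#") or not DIRECTIVE.match(line):
            continue
        if ACTION.search(line):
            m = re.search(r"\bid\s*:\s*'?(\d+)", line)
            hits.append((no, m.group(1) if m else None))
    return hits

# Constructed sample configuration (not taken from any real rule set).
SAMPLE = r'''
# SecRule ARGS "@rx x" "id:1,pass,sanitiseMatchedBytes"
SecRule ARGS:password "@rx .+" \
    "id:1001,phase:2,pass,nolog,\
    sanitiseMatchedBytes"
SecRule REQUEST_URI "@contains /admin" "id:1002,phase:1,deny"
SecAction "id:1003,phase:1,pass,nolog"
'''

if __name__ == "__main__":
    for no, rule_id in find_sanitise_rules(SAMPLE):
        print(f"line {no}: rule id {rule_id} uses sanitiseMatchedBytes")
```

A non-empty result means the rule set meets one of the two conditions in the CVE description; the other is that the server receives `application/json` request bodies.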

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. mod_security-2.9.6-2.el9_6.src.rpm
    MD5: 923eb6a12a59b2fd13792b83a28fe558
    SHA-256: d1f63d63f561e55bae1b9eba20c809ad5ce618f0fe4e39f5bf03f1b3dc40e4d5
    Size: 4.12 MB

Asianux Server 9 for x86_64
  1. mod_security-2.9.6-2.el9_6.x86_64.rpm
    MD5: 431d69840a9a3c1315fed630fcc12678
    SHA-256: b1d07a9aedd27295fe0b1536044672d778a13d187823ccba6104c00ec8f07347
    Size: 274.15 kB
  2. mod_security-mlogc-2.9.6-2.el9_6.x86_64.rpm
    MD5: b62e3e35f8783fdd462a3f9717318abb
    SHA-256: 47ddda79f93a768eaffa29696445674aa9ad99836fbb63e2a629c02301560545
    Size: 29.14 kB