mod_security-2.9.6-2.el8_10

エラータID: AXSA:2025-10011:01

リリース日: 
2025/06/13 Friday - 17:57
題名: 
mod_security-2.9.6-2.el8_10
影響のあるチャネル: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

ModSecurity is an open source intrusion detection and prevention engine for web
applications.

Security Fix(es):

modsecurity: ModSecurity Has Possible DoS Vulnerability (CVE-2025-47947)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE(s):
CVE-2025-47947

解決策: 

Update packages.

CVE: 
CVE-2025-47947
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case (in stable released versions): when the payload's content type is `application/json`, and there is at least one rule which does a `sanitiseMatchedBytes` action. A patch is available at pull request 3389 and expected to be part of version 2.9.9. No known workarounds are available.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. mod_security-2.9.6-2.el8_10.src.rpm
    MD5: c49c9b8fde1d07ec4a2609c9efa1ec37
    SHA-256: d152115063e13ee06be016f583a99403a920d0dd994ff51dcca03d00cbd3fc99
    Size: 4.13 MB

Asianux Server 8 for x86_64
  1. mod_security-2.9.6-2.el8_10.x86_64.rpm
    MD5: 434bd1b04540d5a6658d1a109cb50ae9
    SHA-256: c455a036830dc7124a4e7d9c47c2edf8ce7d6fcdaf6f39d4587a7935d5d72b56
    Size: 269.25 kB
  2. mod_security-mlogc-2.9.6-2.el8_10.x86_64.rpm
    MD5: 7d2f5b6504f2a05553be8a6eac4313c0
    SHA-256: d33bca5cb8f82e95500b697d26626dbde4ba7d4141a6356936722bccc670f69d
    Size: 39.83 kB