mod_security-2.9.6-2.el9_6
エラータID: AXSA:2025-10535:02
リリース日:
2025/07/22 Tuesday - 15:45
題名:
mod_security-2.9.6-2.el9_6
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- mod_security には、Content-Type が JSON のリクエストの処理に
問題があるため、リモートの攻撃者により、サービス拒否攻撃を可能
とする脆弱性が存在します。(CVE-2025-47947)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-47947
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case (in stable released versions): when the payload's content type is `application/json`, and there is at least one rule which does a `sanitiseMatchedBytes` action. A patch is available at pull request 3389 and expected to be part of version 2.9.9. No known workarounds are available.
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case (in stable released versions): when the payload's content type is `application/json`, and there is at least one rule which does a `sanitiseMatchedBytes` action. A patch is available at pull request 3389 and expected to be part of version 2.9.9. No known workarounds are available.
追加情報:
N/A
ダウンロード:
SRPMS
- mod_security-2.9.6-2.el9_6.src.rpm
MD5: 923eb6a12a59b2fd13792b83a28fe558
SHA-256: d1f63d63f561e55bae1b9eba20c809ad5ce618f0fe4e39f5bf03f1b3dc40e4d5
Size: 4.12 MB
Asianux Server 9 for x86_64
- mod_security-2.9.6-2.el9_6.x86_64.rpm
MD5: 431d69840a9a3c1315fed630fcc12678
SHA-256: b1d07a9aedd27295fe0b1536044672d778a13d187823ccba6104c00ec8f07347
Size: 274.15 kB - mod_security-mlogc-2.9.6-2.el9_6.x86_64.rpm
MD5: b62e3e35f8783fdd462a3f9717318abb
SHA-256: 47ddda79f93a768eaffa29696445674aa9ad99836fbb63e2a629c02301560545
Size: 29.14 kB
English