mod_security-2.9.6-2.el9_6.1
Errata ID: AXSA:2025-10705:03
Release date:
2025/08/07 Thursday - 15:28
Title:
mod_security-2.9.6-2.el9_6.1
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
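The following items have been addressed.
[Security Fix]
- mod_security has an excessive resource consumption issue, resulting in a vulnerability that allows a remote attacker to cause a denial of service. (CVE-2025-48866)
Solution:
Update the package.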
CVE:
CVE-2025-48866
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The `sanitiseArg` (and `sanitizeArg` - this is the same action but an alias) is vulnerable to adding an excessive number of arguments, thereby leading to denial of service. Version 2.9.10 fixes the issue. As a workaround, avoid using rules that contain the `sanitiseArg` (or `sanitizeArg`) action.
Additional information:
N/A
Download:
SRPMS
- mod_security-2.9.6-2.el9_6.1.src.rpm
MD5: 1784bd5f4db02bcb85364386251a4266
SHA-256: 55e10acc72f372810770df43692552646eb8f8f491f46b49a8530ed80c430787
Size: 4.12 MB
Asianux Server 9 for x86_64
- mod_security-2.9.6-2.el9_6.1.x86_64.rpm
MD5: 35b5bf2000795bc81c8bbdbbae6272f8
SHA-256: f06942bfbdf039390a806c5a908ed49aa414a151ee0acfa08f46a6b1271a7259
Size: 274.19 kB
- mod_security-mlogc-2.9.6-2.el9_6.1.x86_64.rpm
MD5: a0f2d6d0a9cb25c6df2f5f086c9c3918
SHA-256: 3ff6e2da6b53eadde3106f02e3b9d39a5a79f3f69d7615940b98bfaaacab1593
Size: 29.30 kB