CVE-2025-47947 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable…
High CVSS: 7.5

CVE-2025-47947

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case (in stable released versions): when the payload's content type is `application/json`, and there is at least one rule which does a `sanitiseMatchedBytes` action. A patch is available at pull request 3389 and expected to be part of version 2.9.9. No known workarounds are available.
Vendor
Trustwave
Product
Modsecurity
CWE
CWE-1050
Yayın Tarihi
2025-05-21 22:15:50
Güncelleme
2025-06-20 16:13:40
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-1050 Modsecurity HIGH Trustwave 2025

Referanslar

https://github.com/owasp-modsecurity/ModSecurity/pull/3389 https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-859r-vvv8-rm8r https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-859r-vvv8-rm8r