ModSecurity Has Possible DoS Vulnerability

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case (in stable released versions): when the payload's content type is `application/json`, and there is at least one rule which does a `sanitiseMatchedBytes` action. A patch is available at pull request 3389 and expected to be part of version 2.9.9. No known workarounds are available.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

循环内过多的平台资源消耗

ModSecurity 安全漏洞

ModSecurity是OWASP ModSecurity开源的一个开源、跨平台的web应用程序防火墙（WAF）引擎。 ModSecurity 2.9.8及之前版本存在安全漏洞，该漏洞源于处理application/json内容类型时可能导致拒绝服务。

N/A

N/A