Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ModSecurity Has Possible DoS Vulnerability
Vulnerability Description
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case (in stable released versions): when the payload's content type is `application/json`, and there is at least one rule which does a `sanitiseMatchedBytes` action. A patch is available at pull request 3389 and expected to be part of version 2.9.9. No known workarounds are available.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
循环内过多的平台资源消耗
Vulnerability Title
ModSecurity 安全漏洞
Vulnerability Description
ModSecurity是OWASP ModSecurity开源的一个开源、跨平台的web应用程序防火墙(WAF)引擎。 ModSecurity 2.9.8及之前版本存在安全漏洞,该漏洞源于处理application/json内容类型时可能导致拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A