Two vulnerabilities in ModSecurity might lead to a Denial of Service.
Package | www-apache/mod_security on all architectures |
---|---|
Affected versions | < 2.5.9 |
Unaffected versions | >= 2.5.9 |
ModSecurity is a popular web application firewall for the Apache HTTP server.
Multiple vulnerabilities were discovered in ModSecurity:
A remote attacker might send requests containing specially crafted multipart data or send certain requests to access a PDF file, possibly resulting in a Denial of Service (crash) of the Apache HTTP daemon. NOTE: The PDF XSS protection is not enabled by default.
There is no known workaround at this time.
All ModSecurity users should upgrade to the latest version:
```
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apache/mod_security-2.5.9"
```
Release date: July 02, 2009
Latest revision: July 02, 2009: 01
Severity: normal
Exploitable: remote
Bugzilla entries