- Description: ModSecurity is an open source, cross-platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case (in stable released versions): when the payload's content type is `application/json` and at least one rule uses the `sanitiseMatchedBytes` action. A patch is available at pull request 3389 and is expected to be part of version 2.9.9. No known workarounds are available.
- Source: security-advisories@github.com
- NVD status: Analyzed
CVSS 3.1
- Type: Secondary
- Base score: 7.5
- Impact score: 3.6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity: HIGH
- security-advisories@github.com: CWE-1050
- Hype score: Not currently trending
Critical update for #openSUSE: Patch apache2-mod_security2 now for CVE-2025-47947 & CVE-2025-48866 DoS fixes. Affects Leap 15.4/15.6, SLE 15 SP4/5, Manager 4.3. Patch cmds: Read more: 👉 https://t.co/kwGpO7w3hE #CyberSecurity #LinuxAdmin https://t.co/ucT8GZL7Fj
@Cezar_H_Linux
19 Jun 2025
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
URGENT: Patch #openSUSE Tumbleweed’s apache2-mod_security2 NOW! 🛠️ CVE-2025-47947 (RCE) & 48866 (SQLi bypass) fixed in v2.9.10-1.1. 🔗 Details: https://t.co/e1CLSH4sFo #LinuxSecurity #DevSecOps https://t.co/o7GSxo0QD8
@Cezar_H_Linux
4 Jun 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ModSecurity WAF vulnerability (CVE-2025-47947) Traditional WAFs are outdated and bypassable. Switch to WEBOUNCER by https://t.co/YzmadoBshH – the future-proof solution for unbreakable web security. #Cybersecurity #WEBOUNCER #impenetrable https://t.co/8mgKfYFc9J
@BrainLabVisions
3 Jun 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
kusanagi-mod_security module update information 2.9.9-1: We have updated the modules that make up KUSANAGI 9. The versions of each module applied by this update are as follows. mod_secu
@primestrategyjp
28 May 2025
91 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
kusanagi-mod_security module update information 2.9.9-1: We have updated the modules that make up KUSANAGI 9. The versions of each module applied by this update are as follows. mod_sec
@kusanagi_saya
28 May 2025
73 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
A single HTTP request can now crash your web server! A critical ModSecurity flaw (CVE-2025-47947) is putting millions at risk. Find out if you're affected and how to patch it ASAP 👉 https://t.co/iUpF3mugPt
@tescogh97
23 May 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
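A PoC (proof-of-concept attack code) has been published for the unpatched, mitigation-less DoS vulnerability in ModSecurity. CVE-2025-47947 is a flaw in the handling of JSON payloads when a rule uses the sanitiseMatchedBytes action. N items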
@__kokumoto
23 May 2025
702 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-47947 ModSecurity WAF JSON Payload Denial of Service Vulnerability in V... https://t.co/55NnR5o0yC Customizable Vulnerability Alerts: https://t.co/U7998fz7yk
@VulmonFeeds
22 May 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-47947 ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to de… https://t.co/xufKUBlf39
@CVEnew
21 May 2025
533 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:trustwave:modsecurity:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "13233323-2BD5-406B-86F3-DBAD684FC5FF",
            "versionEndExcluding": "2.9.9"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]