- Description
- ModSecurity is an open-source, cross-platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.8 to before 2.9.11, an empty XML tag can cause a segmentation fault. If SecParseXmlIntoArgs is set to On or OnlyArgs, the request type is application/xml, and at least one XML tag is empty (e.g. <foo></foo>), then a segmentation fault occurs. This issue has been patched in version 2.9.11. A workaround involves setting SecParseXmlIntoArgs to Off.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
- Severity
- MEDIUM
- security-advisories@github.com
- CWE-20
- Hype score
- Not currently trending
kusanagi-mod_security module update information 2.9.11-1 We have updated the modules that make up KUSANAGI 9. The versions of the modules applied by this update are as follows. mod_se
@kusanagi_saya
3 Jul 2025
204 Impressions
1 Retweet
1 Like
1 Bookmark
0 Replies
1 Quote
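A new DoS vulnerability (CVE-2025-52891) has been discovered in the ModSecurity WAF engine. In specific versions of mod_security2 (2.9.8 to 2.9.10), when the SecParseXmlIntoArgs feature is enabled, processing a request that contains an empty XML tag causes a segmen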
@yousukezan
2 Jul 2025
615 Impressions
0 Retweets
2 Likes
2 Bookmarks
1 Reply
0 Quotes
CVE-2025-52891 ModSecurity WAF Segmentation Fault via Empty XML Tag in Versions 2.9.8 to 2.9.10 https://t.co/PcTtbq43x4
@VulmonFeeds
2 Jul 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-52891 ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.8 to before 2.9.11, an empty XML tag ca… https://t.co/IECLfjY3Pt
@CVEnew
2 Jul 2025
356 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes