HIGH🇬🇧 English

CVE-2025-27110

CVSS 7.9v4.0pub. 2025-02-25upd. 2025-02-28

Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. A bug that exists only in Libmodsecurity3 version 3.0.13 means that, in 3.0.13, Libmodsecurity3 can't decode encoded HTML entities if they contains leading zeroes. Version 3.0.14 contains a fix. No known workarounds are available.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Trustwave Modsecurity

    APP
    Trustwave
    3.0.13
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-47947HIGH7.5ten sam produkt

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx....

CVE-2024-46292HIGH7.5ten sam produkt

A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted inp...

CVE-2023-24021HIGH7.5ten sam produkt

Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Fir...

CVE-2022-48279HIGH7.5ten sam produkt

In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could by...

CVE-2021-42717HIGH7.5ten sam produkt

ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting te...

CVE-2025-27110 — HIGH 7.9 | CVEbaza.pl