DSA-5023-1 modsecurity-apache -- libapache2-mod-security2ID: oval:org.secpod.oval:def:605711 | Date: (C)2021-12-20 (M)2024-04-17 |
Class: PATCH | Family: unix |
It was discovered that modsecurity-apache, an Apache module to tighten the Web application security, does not properly handles excessively nested JSON objects, which could result in denial of service. The update introduces a new "SecRequestBodyJsonDepthLimit" option to limit the maximum request body JSON parsing depth which ModSecurity will accept .
Platform: |
Debian 10.x |
Debian 11.x |
Product: |
libapache2-mod-security2 |