DSA-5023-1 modsecurity-apache -- libapache2-mod-security2ID: oval:org.secpod.oval:def:77014 | Date: (C)2022-01-10 (M)2024-04-17 |
Class: PATCH | Family: unix |
It was discovered that modsecurity-apache, an Apache module to tighten the Web application security, does not properly handles excessively nested JSON objects, which could result in denial of service. The update introduces a new "SecRequestBodyJsonDepthLimit" option to limit the maximum request body JSON parsing depth which ModSecurity will accept .
Product: |
libapache2-mod-security2 |