CNNVD-202508-406 Information
CNNVD ID
CNNVD-202508-406
Related CVE
- CNNVD Published: 2025-08-06
Description (Chinese)
ModSecurity是OWASP ModSecurity开源的一个开源、跨平台的web应用程序防火墙(WAF)引擎。 ModSecurity 2.9.11及之前版本存在安全漏洞,该漏洞源于可覆盖HTTP响应的Content-Type,可能导致跨站脚本攻击和脚本源代码泄露。
Description (English)
ModSecurity is an open source of OWASP ModSecurity, a cross-platform web application firewall (WAF) engine. ModSecurity 2.9.11 and previous versions contain a security loophole, which originates from Content-Type, which can cover the HTTP response and may lead to a cross-site script attack and a leak of the scrip source code.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
OWASP ModSecurity
Published
2025-08-06
Last Modified
2026-02-24
References
https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-cg44-9m43-3f9v https://github.com/owasp-modsecurity/ModSecurity/commit/6d7e8eb18f2d7d368fb8e29516fcdeaeb8d349b8 https://github.com/owasp-modsecurity/ModSecurity/issues/2514 https://www.oracle.com/security-alerts/cpujan2026.html
Patch
https://github.com/owasp-modsecurity/ModSecurity/releases
Share on: