CVE-2025-47947
ModSecurity Has Possible DoS Vulnerability
In short
ModSecurity versions up to 2.9.8 can be crashed when processing JSON requests if certain security rules are enabled, causing the web application firewall to stop working temporarily.
Technical detail
The vulnerability lies in ModSecurity's handling of JSON payloads when at least one active rule performs the `sanitiseMatchedBytes` action. An attacker can send crafted requests with an `application/json` content type to trigger a denial-of-service condition, disabling the WAF's protection. Affects versions ≤2.9.8; patched in 2.9.9.
Summary generated and translated by AI from the official description.
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case (in stable released versions): when the payload's content type is `application/json`, and there is at least one rule which does a `sanitiseMatchedBytes` action. A patch is available at pull request 3389 and expected to be part of version 2.9.9. No known workarounds are available.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
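Because the advisory lists no workaround, the practical defender's step is an audit: is the deployed ModSecurity at or below 2.9.8, and does any loaded rule use `sanitiseMatchedBytes`? The following script is an added example (not from the advisory, ModSecurity or CRS) that scans rule text for those conditions. The sample ruleset, rule ids and the treatment of `ctl:requestBodyProcessor=JSON` as the switch that makes ModSecurity parse `application/json` bodies are constructed assumptions for illustration; the decisive condition per the advisory is an affected version plus a `sanitiseMatchedBytes` rule.

```python
"""Exposure audit for the JSON + sanitiseMatchedBytes condition (added example)."""
import re
from typing import Dict, List, Tuple

# Constructed sample ruleset: not from the page and not a real CRS file.
SAMPLE_RULES = """
SecRuleEngine On
SecRule REQUEST_HEADERS:Content-Type "application/json" \\
    "id:200001,phase:1,pass,nolog,ctl:requestBodyProcessor=JSON"
SecRule ARGS "@rx (?i)password" \\
    "id:900100,phase:2,pass,log,sanitiseMatchedBytes"
SecRule ARGS:comment "@rx <script" \\
    "id:900101,phase:2,deny,log,msg:'XSS attempt'"
"""

# First fixed release according to the advisory (versions <= 2.9.8 affected).
PATCHED_VERSION: Tuple[int, ...] = (2, 9, 9)
RULE_ID_RE = re.compile(r"\bid:(\d+)")


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '2.9.8' into (2, 9, 8) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in version.strip().split("."))


def is_vulnerable_version(version: str) -> bool:
    """True for any release before the patched one."""
    return parse_version(version) < PATCHED_VERSION


def join_continuations(text: str) -> List[str]:
    """ModSecurity directives may continue across lines with a trailing backslash."""
    lines: List[str] = []
    buf = ""
    for raw in text.splitlines():
        stripped = raw.rstrip()
        if stripped.endswith("\\"):
            buf += stripped[:-1] + " "
            continue
        buf += stripped
        if buf.strip():
            lines.append(buf.strip())
        buf = ""
    if buf.strip():
        lines.append(buf.strip())
    return lines


def find_sanitise_rules(text: str) -> List[str]:
    """Return the ids of SecRule directives whose action list contains sanitiseMatchedBytes."""
    ids: List[str] = []
    for line in join_continuations(text):
        if line.startswith("SecRule") and "sanitiseMatchedBytes" in line:
            match = RULE_ID_RE.search(line)
            ids.append(match.group(1) if match else "<no id>")
    return ids


def json_processor_enabled(text: str) -> bool:
    """Assumption: this ctl action is what turns on JSON request-body parsing."""
    return any("requestBodyProcessor=JSON" in line for line in join_continuations(text))


def assess(text: str, version: str) -> Dict[str, object]:
    """Combine the version check with the rule scan into one exposure verdict."""
    sanitise_ids = find_sanitise_rules(text)
    vulnerable = is_vulnerable_version(version)
    return {
        "version_vulnerable": vulnerable,
        "json_processor_enabled": json_processor_enabled(text),
        "sanitise_rule_ids": sanitise_ids,
        # Advisory condition: affected version AND at least one sanitiseMatchedBytes rule.
        "exposed": vulnerable and bool(sanitise_ids),
    }


if __name__ == "__main__":
    for ver in ("2.9.8", "2.9.9"):
        print(ver, assess(SAMPLE_RULES, ver))
```

On a real deployment, feed the script the concatenated contents of every file pulled in by `Include` directives rather than a single file, since the action can sit in any of them; a hit on an affected version means the only remediation the advisory offers is upgrading to 2.9.9.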
Affected products
owasp-modsecurity · ModSecurity