Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/modsecurity-apache@2.9.11-1%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/modsecurity-apache@2.9.11-1%2Bdeb13u1?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (13)
Vulnerability Summary Aliases
VCID-3vdu-xbqh-7ud6 ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Content-Disposition field of a request with a multipart/form-data Content-Type header. CVE-2009-5031
VCID-4s75-8asy-wyb1 The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header. CVE-2013-2765
VCID-5gw3-jywd-2qb2 security update CVE-2013-5705
VCID-b7s9-yu8p-hbhj The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data. CVE-2012-4528
VCID-fc2s-mxh1-yfeh modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass CVE-2023-24021
VCID-j7n8-xubx-pqfe ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-5031. CVE-2012-2751
VCID-k3vz-b9ar-37hq mod_security: ModSecurity segmentation fault CVE-2025-52891
VCID-kg7a-8fqh-mffc security update CVE-2021-42717
VCID-qrsw-p6vk-pydk mod_security: ModSecurity Content-Type Override Vulnerability CVE-2025-54571
VCID-sm3m-cydd-w3av mod_security: ModSecurity Denial of Service Vulnerability CVE-2025-48866
VCID-tyyt-k2cb-dygb modsecurity: ModSecurity Has Possible DoS Vulnerability CVE-2025-47947
VCID-y2r9-myqj-yye3 ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability. CVE-2013-1915
VCID-y8ty-2cp5-y3gm mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass CVE-2022-48279

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T12:59:05.446081+00:00 Debian Importer Fixing VCID-tyyt-k2cb-dygb https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:53:21.522389+00:00 Debian Importer Fixing VCID-j7n8-xubx-pqfe https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:21:49.588617+00:00 Debian Importer Fixing VCID-sm3m-cydd-w3av https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:57:57.474053+00:00 Debian Importer Fixing VCID-5gw3-jywd-2qb2 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:56:44.274302+00:00 Debian Importer Fixing VCID-b7s9-yu8p-hbhj https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:40:23.729572+00:00 Debian Importer Fixing VCID-4s75-8asy-wyb1 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:00:59.215672+00:00 Debian Importer Fixing VCID-k3vz-b9ar-37hq https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:49:31.035965+00:00 Debian Importer Fixing VCID-fc2s-mxh1-yfeh https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:47:59.004769+00:00 Debian Importer Fixing VCID-qrsw-p6vk-pydk https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:06:51.936543+00:00 Debian Importer Fixing VCID-y2r9-myqj-yye3 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:45:18.601938+00:00 Debian Importer Fixing VCID-kg7a-8fqh-mffc https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:28:59.217166+00:00 Debian Importer Fixing VCID-3vdu-xbqh-7ud6 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:06:24.401897+00:00 Debian Importer Fixing VCID-y8ty-2cp5-y3gm https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T08:55:15.985207+00:00 Debian Importer Fixing VCID-tyyt-k2cb-dygb https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:50:56.232552+00:00 Debian Importer Fixing VCID-j7n8-xubx-pqfe https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:27:34.245111+00:00 Debian Importer Fixing VCID-sm3m-cydd-w3av https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:10:10.478532+00:00 Debian Importer Fixing VCID-5gw3-jywd-2qb2 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:09:15.403769+00:00 Debian Importer Fixing VCID-b7s9-yu8p-hbhj https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:57:10.865075+00:00 Debian Importer Fixing VCID-4s75-8asy-wyb1 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:28:39.020337+00:00 Debian Importer Fixing VCID-k3vz-b9ar-37hq https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:19:42.615270+00:00 Debian Importer Fixing VCID-fc2s-mxh1-yfeh https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:18:31.726349+00:00 Debian Importer Fixing VCID-qrsw-p6vk-pydk https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:47:29.488684+00:00 Debian Importer Fixing VCID-y2r9-myqj-yye3 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:30:40.461679+00:00 Debian Importer Fixing VCID-kg7a-8fqh-mffc https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:19:24.549077+00:00 Debian Importer Fixing VCID-3vdu-xbqh-7ud6 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:06:04.080509+00:00 Debian Importer Fixing VCID-y8ty-2cp5-y3gm https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:46:03.046860+00:00 Debian Importer Fixing VCID-qrsw-p6vk-pydk https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:46:02.996512+00:00 Debian Importer Fixing VCID-k3vz-b9ar-37hq https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:46:02.937900+00:00 Debian Importer Fixing VCID-sm3m-cydd-w3av https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:46:02.870539+00:00 Debian Importer Fixing VCID-tyyt-k2cb-dygb https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:46:02.802418+00:00 Debian Importer Fixing VCID-fc2s-mxh1-yfeh https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:46:02.752329+00:00 Debian Importer Fixing VCID-y8ty-2cp5-y3gm https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:46:02.710420+00:00 Debian Importer Fixing VCID-kg7a-8fqh-mffc https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:46:02.660823+00:00 Debian Importer Fixing VCID-5gw3-jywd-2qb2 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:46:02.618179+00:00 Debian Importer Fixing VCID-4s75-8asy-wyb1 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:46:02.567621+00:00 Debian Importer Fixing VCID-y2r9-myqj-yye3 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:46:02.516675+00:00 Debian Importer Fixing VCID-b7s9-yu8p-hbhj https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:46:02.466780+00:00 Debian Importer Fixing VCID-j7n8-xubx-pqfe https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:46:02.416663+00:00 Debian Importer Fixing VCID-3vdu-xbqh-7ud6 https://security-tracker.debian.org/tracker/data/json 38.1.0