Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/modsecurity-apache@2.9.7-1%2Bdeb12u2?distro=trixie
purl pkg:deb/debian/modsecurity-apache@2.9.7-1%2Bdeb12u2?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (13)
Vulnerability Summary Aliases
VCID-3vdu-xbqh-7ud6 ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Content-Disposition field of a request with a multipart/form-data Content-Type header. CVE-2009-5031
VCID-4s75-8asy-wyb1 The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header. CVE-2013-2765
VCID-5gw3-jywd-2qb2 security update CVE-2013-5705
VCID-b7s9-yu8p-hbhj The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data. CVE-2012-4528
VCID-fc2s-mxh1-yfeh modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass CVE-2023-24021
VCID-j7n8-xubx-pqfe ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-5031. CVE-2012-2751
VCID-k3vz-b9ar-37hq mod_security: ModSecurity segmentation fault CVE-2025-52891
VCID-kg7a-8fqh-mffc security update CVE-2021-42717
VCID-qrsw-p6vk-pydk mod_security: ModSecurity Content-Type Override Vulnerability CVE-2025-54571
VCID-sm3m-cydd-w3av mod_security: ModSecurity Denial of Service Vulnerability CVE-2025-48866
VCID-tyyt-k2cb-dygb modsecurity: ModSecurity Has Possible DoS Vulnerability CVE-2025-47947
VCID-y2r9-myqj-yye3 ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability. CVE-2013-1915
VCID-y8ty-2cp5-y3gm mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass CVE-2022-48279

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T12:59:05.434044+00:00 Debian Importer Fixing VCID-tyyt-k2cb-dygb https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:53:21.516112+00:00 Debian Importer Fixing VCID-j7n8-xubx-pqfe https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:21:49.574966+00:00 Debian Importer Fixing VCID-sm3m-cydd-w3av https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:57:57.468969+00:00 Debian Importer Fixing VCID-5gw3-jywd-2qb2 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:56:44.268539+00:00 Debian Importer Fixing VCID-b7s9-yu8p-hbhj https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:40:23.722267+00:00 Debian Importer Fixing VCID-4s75-8asy-wyb1 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:00:59.203580+00:00 Debian Importer Fixing VCID-k3vz-b9ar-37hq https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:49:31.028996+00:00 Debian Importer Fixing VCID-fc2s-mxh1-yfeh https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:47:58.998699+00:00 Debian Importer Fixing VCID-qrsw-p6vk-pydk https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:06:51.930012+00:00 Debian Importer Fixing VCID-y2r9-myqj-yye3 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:45:18.596479+00:00 Debian Importer Fixing VCID-kg7a-8fqh-mffc https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:28:59.214924+00:00 Debian Importer Fixing VCID-3vdu-xbqh-7ud6 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:06:24.396814+00:00 Debian Importer Fixing VCID-y8ty-2cp5-y3gm https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T08:55:15.971596+00:00 Debian Importer Fixing VCID-tyyt-k2cb-dygb https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:50:56.225587+00:00 Debian Importer Fixing VCID-j7n8-xubx-pqfe https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:27:34.231168+00:00 Debian Importer Fixing VCID-sm3m-cydd-w3av https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:10:10.473710+00:00 Debian Importer Fixing VCID-5gw3-jywd-2qb2 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:09:15.397673+00:00 Debian Importer Fixing VCID-b7s9-yu8p-hbhj https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:57:10.858141+00:00 Debian Importer Fixing VCID-4s75-8asy-wyb1 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:28:39.007133+00:00 Debian Importer Fixing VCID-k3vz-b9ar-37hq https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:19:42.608128+00:00 Debian Importer Fixing VCID-fc2s-mxh1-yfeh https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:18:31.720084+00:00 Debian Importer Fixing VCID-qrsw-p6vk-pydk https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:47:29.481003+00:00 Debian Importer Fixing VCID-y2r9-myqj-yye3 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:30:40.456671+00:00 Debian Importer Fixing VCID-kg7a-8fqh-mffc https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:19:24.544243+00:00 Debian Importer Fixing VCID-3vdu-xbqh-7ud6 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:06:04.075433+00:00 Debian Importer Fixing VCID-y8ty-2cp5-y3gm https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:46:03.013370+00:00 Debian Importer Fixing VCID-qrsw-p6vk-pydk https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:46:02.954927+00:00 Debian Importer Fixing VCID-k3vz-b9ar-37hq https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:46:02.887334+00:00 Debian Importer Fixing VCID-sm3m-cydd-w3av https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:46:02.819214+00:00 Debian Importer Fixing VCID-tyyt-k2cb-dygb https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:46:02.769019+00:00 Debian Importer Fixing VCID-fc2s-mxh1-yfeh https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:46:02.724304+00:00 Debian Importer Fixing VCID-y8ty-2cp5-y3gm https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:46:02.674588+00:00 Debian Importer Fixing VCID-kg7a-8fqh-mffc https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:46:02.632042+00:00 Debian Importer Fixing VCID-5gw3-jywd-2qb2 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:46:02.584500+00:00 Debian Importer Fixing VCID-4s75-8asy-wyb1 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:46:02.533449+00:00 Debian Importer Fixing VCID-y2r9-myqj-yye3 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:46:02.483558+00:00 Debian Importer Fixing VCID-b7s9-yu8p-hbhj https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:46:02.433413+00:00 Debian Importer Fixing VCID-j7n8-xubx-pqfe https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:46:02.385968+00:00 Debian Importer Fixing VCID-3vdu-xbqh-7ud6 https://security-tracker.debian.org/tracker/data/json 38.1.0