ModSecurity versions 2.5.8 and 2.5.9 have been released to fix two vulnerabilities which could be used to cause a denial of service (DoS). The first vulnerability is fixed in version 2.5.8 and the second (as it was disclosed after version 2.5.8 was already frozen) is fixed in version 2.5.9. Because of this, the 2.5.8 release should be disregarded in favor of 2.5.9. Both vulnerabilities, however, have workarounds until ModSecurity can be upgraded/patched.
(+8 rating, 2 votes)
Loading ...
Recent Comments