A newly disclosed vulnerability in ModSecurity, a widely used open-source web application firewall (WAF), exposes servers to denial-of-service (DoS) attacks by exploiting a flaw in the way the software parses empty XML elements. The flaw, registered as CVE-2025-52891, affects ModSecurity versions 2.9.8 to before 2.9.11 and is rated with a CVSS v3 base score of 6.5 (moderate severity). Vulnerability […]
The post ModSecurity WAF Vulnerability Enables DoS Using Empty XML Elements appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Divya
Source: gbHackers
Source Link: https://gbhackers.com/critical-bug-in-modsecurity-waf/