← Back

Nginx Modsecurity Waf

nginx_modsecurity_waf

Vendor: F5 • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-42717
5Debian
F5Oracle+2 more
6Debian Linux
Http ServerModsecurity+3 more
Jul 3, 2025
Dec 7, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a modera...Show more
ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy one of the limited NGINX worker processes for minutes and consume almost all of the available CPU on the machine. Modsecurity 2 is similarly vulnerable: the affected versions include 2.8.0 through 2.9.4.Show less