F5 Networks Nginx Modsecurity Waf
Recent F5 Networks Nginx Modsecurity Waf Security Advisories
| Advisory | Title | Published |
|---|---|---|
| K50839343 | K50839343: NGINX ModSecurity WAF vulnerability CVE-2021-42717 | December 3, 2021 |
By the Year
In 2024 there have been 0 vulnerabilities in F5 Networks Nginx Modsecurity Waf . Nginx Modsecurity Waf did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 7.50 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Nginx Modsecurity Waf vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent F5 Networks Nginx Modsecurity Waf Security Vulnerabilities
ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects
CVE-2021-42717
7.5 - High
- December 07, 2021
ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy one of the limited NGINX worker processes for minutes and consume almost all of the available CPU on the machine. Modsecurity 2 is similarly vulnerable: the affected versions include 2.8.0 through 2.9.4.
Stack Exhaustion
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Canonical Ubuntu Linux or by F5 Networks? Click the Watch button to subscribe.
