Vulnerability CVE-2021-42717 || ModSecurity || lmadmin
A vulnerability has been detected in the ModSecurity component of lmadmin, as used in FNP 11.18.3.0.
Current Description
ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy one of the limited NGINX worker processes for minutes and consume almost all of the available CPU on the machine. Modsecurity 2 is similarly vulnerable: the affected versions include 2.8.0 through 2.9.4.
Resolution
FNP plans to upgrade the ModSecurity package in the ongoing release; the upgrade will be part of 2022 R1.
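The description above turns on nesting depth rather than request size alone. The following is an added example, not code from Revenera or ModSecurity: a single-pass, non-recursive check that bounds JSON nesting depth before a body reaches a parser. The function names and the `MAX_DEPTH` and `MAX_BODY_BYTES` values are assumptions to be tuned per deployment.

```python
# Added example: JSON nesting-depth guard (hypothetical names and limits).
from typing import Optional

MAX_DEPTH = 64            # assumed limit; set to what the application really sends
MAX_BODY_BYTES = 131072   # assumed size cap (128 KiB)


def json_nesting_depth(body: bytes, stop_after: Optional[int] = None) -> int:
    """Return the maximum object/array nesting depth found in body.

    One pass with a counter and no recursion, so the cost is O(len(body))
    however deep the nesting is. Brackets inside string literals are
    ignored, including those that follow an escaped quote. If stop_after
    is given, scanning stops as soon as the depth exceeds it.
    """
    depth = max_depth = 0
    in_string = escaped = False
    for byte in body:
        if in_string:
            if escaped:
                escaped = False
            elif byte == 0x5C:        # backslash starts an escape
                escaped = True
            elif byte == 0x22:        # unescaped quote ends the string
                in_string = False
        elif byte == 0x22:            # quote starts a string
            in_string = True
        elif byte in (0x7B, 0x5B):    # '{' or '['
            depth += 1
            if depth > max_depth:
                max_depth = depth
                if stop_after is not None and max_depth > stop_after:
                    break
        elif byte in (0x7D, 0x5D):    # '}' or ']'
            depth = max(depth - 1, 0)
    return max_depth


def accept_json_body(body: bytes) -> bool:
    """True if the body is within both the size and the depth limit."""
    if len(body) > MAX_BODY_BYTES:
        return False
    return json_nesting_depth(body, stop_after=MAX_DEPTH) <= MAX_DEPTH
```

The scan only counts structure and does not validate JSON, so it complements the parser rather than replacing it.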