
Vulnerability CVE-2021-42717 || ModSecurity || lmadmin


A vulnerability has been detected in the ModSecurity component of lmadmin, as used in FNP 11.18.3.0.

Current Description

ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy one of the limited NGINX worker processes for minutes and consume almost all of the available CPU on the machine. Modsecurity 2 is similarly vulnerable: the affected versions include 2.8.0 through 2.9.4.
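The failure mode described above is bounded by capping nesting depth before a body reaches the JSON parser. The following is an added example, not Flexera or ModSecurity code; the names `json_nesting_depth`, `accept_body`, `JsonTooDeep` and the limit of 64 are assumptions.

```python
MAX_DEPTH = 64  # assumed limit (added example, not project code)


class JsonTooDeep(ValueError):
    """Raised when a body nests arrays/objects deeper than the limit."""


def json_nesting_depth(body: bytes, limit: int = MAX_DEPTH) -> int:
    """Return the maximum container depth of `body` in one linear pass.

    Brackets inside string literals are ignored and the scan aborts once
    `limit` is exceeded. Malformed JSON is left for the real parser.
    """
    depth = max_depth = 0
    in_string = escaped = False
    for byte in body:
        if in_string:
            if escaped:
                escaped = False
            elif byte == 0x5C:  # backslash escapes the next byte
                escaped = True
            elif byte == 0x22:  # closing quote
                in_string = False
        elif byte == 0x22:  # opening quote
            in_string = True
        elif byte in (0x7B, 0x5B):  # { or [
            depth += 1
            if depth > limit:
                raise JsonTooDeep(f"nesting exceeds limit of {limit}")
            max_depth = max(max_depth, depth)
        elif byte in (0x7D, 0x5D):  # } or ]
            depth = max(depth - 1, 0)
    return max_depth


def accept_body(body: bytes, limit: int = MAX_DEPTH) -> bool:
    """True if the body may be passed on to the JSON parser."""
    try:
        json_nesting_depth(body, limit)
        return True
    except JsonTooDeep:
        return False


if __name__ == "__main__":
    # Constructed sample bodies, not captured traffic.
    for sample in (b'{"user": {"roles": ["admin"]}}', b'[[[[[[1]]]]]]'):
        print(sample, accept_body(sample, limit=4))
```

Because the scan is iterative and stops at the first byte that exceeds the limit, its cost does not grow with nesting depth.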

Resolution

FNP is planning to upgrade the ModSecurity package in the ongoing release; the upgrade will be part of 2022 R1.

Last update: Jan 06, 2022 12:57 AM