AZL-66087

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-66087.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-66087

Upstream

CVE-2025-54571

Published

2025-08-06T00:15:30Z

Modified

2026-04-21T04:37:46.551843Z

Summary

CVE-2025-54571 affecting package mod_security 2.9.7-8

Details

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we have demonstrated the potential for XSS and arbitrary script source code disclosure in the latest version of mod_security2. This issue is fixed in version 2.9.12.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-54571

Affected packages

Azure Linux:3 / mod_security

Package

Name: mod_security
Purl: pkg:rpm/azure-linux/mod_security

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

2.9.7-8

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-66087.json"