ModSecurity v3.0.x is affected by a Denial of Service vulnerability due to the global matching of regular expressions. The combination of a non-anchored regular expression and the ModSecurity “capture” action can be exploited via a specially crafted payload.

Known Affected Software Configurations:
ModSecurity v3.0.0
ModSecurity v3.0.1
ModSecurity v3.0.2
ModSecurity v3.0.3
ModSecurity v3.0.4 (patch for this version available
External References: https://coreruleset.org/20200914/cve-2020-15598/
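To find rules that have the combination described above (an `@rx` pattern with no leading anchor together with the `capture` action), a rule file can be triaged with a short script. This is an added example, not code from ModSecurity or the Core Rule Set. The function names and sample rules are constructed, and it assumes the usual `SecRule VARIABLES "OPERATOR" "ACTIONS"` layout, with a pattern counted as anchored only when it starts with `^` or `\A`.

```python
import re

# Constructed sample rules (not from the advisory or any real rule set).
SAMPLE_RULES = r'''
SecRule ARGS "@rx (?:foo|bar)+" "id:1001,phase:2,capture,deny,msg:'unanchored + capture'"
SecRule REQUEST_URI "@rx ^/admin/[a-z]+$" "id:1002,phase:1,capture,pass"
SecRule ARGS "@rx select.+from" \
    "id:1003,phase:2,deny"
SecRule REQUEST_HEADERS:User-Agent "[0-9]+" \
    "id:1004,phase:1,pass,capture,setvar:tx.n=%{TX.0}"
SecRule ARGS "@contains test" "id:1005,phase:2,capture,deny"
SecRule ARGS "!@rx ^\d+$" "id:1006,phase:2,capture,deny"
'''

# SecRule VARIABLES "OPERATOR" "ACTIONS"; backslash-escaped characters allowed in quotes.
RULE_RE = re.compile(
    r'^\s*SecRule\s+(\S+)\s+"((?:[^"\\]|\\.)*)"\s+"((?:[^"\\]|\\.)*)"', re.M)

def join_continuations(text):
    """Merge lines that end in a backslash into one logical rule line."""
    return re.sub(r'\\\r?\n\s*', '', text)

def rx_pattern(operator):
    """Return the regex if the operator is @rx (explicit or default), else None."""
    op = operator.lstrip('!')          # negation does not change the operator
    if op.startswith('@'):
        name, _, arg = op.partition(' ')
        return arg if name == '@rx' else None
    return op                          # no operator named: @rx is the default

def is_anchored(pattern):
    """Heuristic (assumption): anchored means a leading ^ or \\A after inline flags."""
    p = re.sub(r'^\(\?[a-z]+\)', '', pattern)
    return p.startswith('^') or p.startswith(r'\A')

def audit(text):
    """List (rule id, variables, pattern) for @rx rules with capture and no anchor."""
    findings = []
    for variables, operator, actions in RULE_RE.findall(join_continuations(text)):
        pattern = rx_pattern(operator)
        action_list = [a.strip() for a in actions.split(',')]
        if pattern is None or 'capture' not in action_list:
            continue
        if not is_anchored(pattern):
            m = re.search(r'\bid:(\d+)', actions)
            findings.append((m.group(1) if m else '?', variables, pattern))
    return findings

if __name__ == '__main__':
    for rule_id, variables, pattern in audit(SAMPLE_RULES):
        print(f'rule {rule_id}: capture with unanchored @rx on {variables}: {pattern}')
```

A hit marks a rule for review on an affected libmodsecurity version. It does not by itself show that the rule is exploitable.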
Created libmodsecurity tracking bugs for this issue:

Affects: epel-7 [bug 1879590]
Affects: fedora-all [bug 1879589]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.