Unknown · ModSecurity · CVE-2025-52891
Name of the Vulnerable Software and Affected Versions:
ModSecurity versions 2.9.8 through 2.9.10
Description:
ModSecurity crashes with a segmentation fault when it encounters an empty XML tag. The crash requires all of the following conditions: SecParseXmlIntoArgs is set to On or OnlyArgs, the request type is application/xml, and at least one XML tag is empty.
Recommendations:
For versions 2.9.8 through 2.9.10, update to version 2.9.11 to resolve the issue.
As a temporary workaround for versions 2.9.8 through 2.9.10, consider setting SecParseXmlIntoArgs to Off.
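One way to check a deployment against the two conditions above (affected version and an enabling SecParseXmlIntoArgs value). This is an added example, not code from the advisory or the ModSecurity project. The function names are hypothetical, the sample configuration is constructed, and the check assumes that any uncommented enabling line counts as exposure, whatever its scope.

```python
import re

# Affected range and directive values are taken from the advisory text.
AFFECTED_MIN, AFFECTED_MAX = (2, 9, 8), (2, 9, 10)
RISKY_VALUES = {"on", "onlyargs"}
DIRECTIVE = re.compile(r'^\s*SecParseXmlIntoArgs\s+"?(\w+)"?\s*$', re.IGNORECASE)


def parse_version(text):
    """Turn '2.9.10' into (2, 9, 10) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in re.findall(r"\d+", text)[:3])


def version_affected(version):
    """True when the version falls inside 2.9.8 through 2.9.10 inclusive."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def risky_lines(config_text):
    """Return (line_number, value) for every uncommented enabling directive."""
    hits = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        match = DIRECTIVE.match(line)
        if match and match.group(1).lower() in RISKY_VALUES:
            hits.append((number, match.group(1)))
    return hits


def assess(version, config_text):
    """Exposed only when the version is affected AND the directive is enabled."""
    affected = version_affected(version)
    hits = risky_lines(config_text)
    return {"version_affected": affected, "risky_lines": hits,
            "exposed": affected and bool(hits)}


# Constructed sample configuration, not taken from any real deployment.
SAMPLE_CONF = """\
SecRuleEngine On
SecRequestBodyAccess On
# SecParseXmlIntoArgs On
SecParseXmlIntoArgs OnlyArgs
"""

if __name__ == "__main__":
    for version in ("2.9.7", "2.9.8", "2.9.10", "2.9.11"):
        print(version, assess(version, SAMPLE_CONF))
```

Comparing versions as integer tuples matters here: a plain string comparison would sort 2.9.10 before 2.9.8 and miss the top of the affected range.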