It was discovered that modsecurity-apache, an Apache module to tighten the Web application security, does not properly handles excessively nested JSON objects, which could result in denial of service. The update introduces a new SecRequestBodyJsonDepthLimit option to limit the maximum request body JSON parsing depth which ModSecurity will accept (defaults to 10000).
Continue reading...
Continue reading...