| Package | modsecurity-apache |
|---|---|
| Version | 2.9.1-2+deb9u5 (stretch) |
| Related CVEs | CVE-2025-54571 |
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depending on the HTTP scenario.
For Debian 9 stretch, these problems have been fixed in version 2.9.1-2+deb9u5.
We recommend that you upgrade your modsecurity-apache packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.