CVE-2022-39956 — Incorrect Authorization in Modsecurity
Severity
9.8CRITICALNVD
NVD7.5
EPSS
0.1%
top 69.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
PublishedSep 20
Latest updateJan 20
Description
The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and inspected by the web application firewall engine and the rule set. The multipart payload will therefore bypass detection. A vulnerable backend that supports these encoding schemes can potentially be explo…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages7 packages
Also affects: Debian Linux 10.0, Fedora 35, 36, 37
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-5xc6-pmr2-qj78: The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a cha↗2022-09-21
OSV▶
CVE-2022-39956: The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a cha↗2022-09-20
📋Vendor Advisories
4Red Hat▶
mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass↗2023-01-20
Red Hat
▶
Debian▶
CVE-2022-48279: modsecurity - In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were i...↗2022
Debian▶
CVE-2022-39956: modsecurity-crs - The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypa...↗2022