CVE-2022-48279 — Incorrect Parsing of Numbers with Different Radices in Modsecurity

CWE-1389 — Incorrect Parsing of Numbers with Different Radices CWE-269 — Improper Privilege Management CWE-436 — Interpretation Conflict8 documents7 sources

Severity

7.5HIGHNVD

CNA7.3OSV9.8

EPSS

0.6%

top 29.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trustwave Modsecurity Owasp Modsecurity Debian Linux

Timeline

PublishedJan 20

Latest updateSep 14

Description

In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDowasp/modsecurity3.0.0 — 3.0.8

▶NVDtrustwave/modsecurity< 2.9.6

▶Debiantrustwave/modsecurity< 3.0.8-1+2

Also affects: Debian Linux 10.0

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

modsecurity-apache vulnerabilities↗2023-09-14

▶

CVEList

CVE-2022-48279: In ModSecurity before 2↗2023-01-20

▶

OSV

CVE-2022-48279: In ModSecurity before 2↗2023-01-20

▶

GHSA

GHSA-6fhx-fm6h-hpxq: In ModSecurity before 2↗2023-01-20

▶

📋Vendor Advisories

Ubuntu

ModSecurity vulnerabilities↗2023-09-14

▶

Red Hat

mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass↗2023-01-20

▶

Debian

CVE-2022-48279: modsecurity - In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were i...↗2022

▶