CVE-2022-48279
Published 2023-01-20
Priority: P3 (41) · High · CVSS 3.1 base score 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 1.17% (63.5th percentile)
In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase.
Affected (8 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | modsecurity | < modsecurity 3.0.8-1 (bookworm) | modsecurity 3.0.8-1 (bookworm) |
| debian | modsecurity-apache | < modsecurity 3.0.8-1 (bookworm) | modsecurity 3.0.8-1 (bookworm) |
| owasp | modsecurity | >= 3.0.0 < 3.0.8 | 3.0.8 |
| trustwave | modsecurity | < 2.9.6 | 2.9.6 |
| trustwave | modsecurity | >= 0 < 3.0.8-1 | 3.0.8-1 |
| trustwave | modsecurity | >= 0 < 3.0.8-1 | 3.0.8-1 |
| trustwave | modsecurity | >= 0 < 3.0.8-1 | 3.0.8-1 |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| osv | 9.8 | CRITICAL | — |
| vendor_ubuntu | 7.5 | HIGH | — |
| vendor_debian | 7.3 | HIGH | — |
| vendor_redhat | 7.3 | HIGH | — |
OSV · 2023-09-14 · CVSS 7.5 (HIGH) · CVE-2021-42717
modsecurity-apache vulnerabilities
It was discovered that ModSecurity incorrectly handled certain nested JSON
objects. An attacker could possibly use this issue to cause a denial
of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS
and Ubuntu 20.04 LTS. (CVE-2021-42717)
It was discovered that ModSecurity incorrectly handled certain HTTP
multipart requests. A remote attacker could possibly use this issue
to bypass ModSecurity restrictions. (CVE-2022-48279)
It was discovered that ModSecurity incorrectly handled certain file
uploads. A remote attacker could possibly use this issue to cause a
buffer overflow and a firewall failure. This issue only affected
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2023-24021)
OSV · 2023-01-20 · CVSS 9.8 (CRITICAL) · CVE-2022-48279
CVE-2022-48279: In ModSecurity before 2
GHSA (unreviewed) · 2023-01-20 · CVSS 7.3 (HIGH) · CVE-2022-48279 · CWE-269
GHSA-6fhx-fm6h-hpxq: In ModSecurity before 2
Ubuntu · 2023-09-14 · CVSS 7.5 (HIGH) · CVE-2021-42717
Title: ModSecurity vulnerabilities
Summary: Several security issues were fixed in ModSecurity.
Red Hat · 2023-01-20 · CVSS 7.3 (HIGH) · CVE-2022-48279 · CWE-1389
mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass
A vulnerability was found in ModSecurity. This issue occurs when HTTP multipart requests are incorrectly parsed and could bypass the Web Application Firewall. NOTE: This is related to CVE-2022-39956, but can be considered independent changes to the ModSecurity (C language) codebase.
Statement: Red Hat rates this vulnerability as Moderate impact as a result of how mod_security is configured to be used in Red Hat products. Whe
Debian · 2022 · CVSS 7.3 (HIGH) · CVE-2022-48279
CVE-2022-48279: modsecurity - In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were i...
Scope: local
| Suite | Status |
|---|---|
| bookworm | resolved (fixed in 3.0.8-1) |
| bullseye | open |
| forky | resolved (fixed in 3.0.8-1) |
| sid | resolved (fixed in 3.0.8-1) |
| trixie | resolved (fixed in 3.0.8-1) |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
https://github.com/SpiderLabs/ModSecurity/pull/2795
https://github.com/SpiderLabs/ModSecurity/pull/2797
https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.6
https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.8
https://lists.debian.org/debian-lts-announce/2023/01/msg00023.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/52TGCZCOHYBDCVWJYNN2PS4QLOHCXWTQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYRTXTOQQI6SB2TLI5QXU76DURSLS4XI/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WCH6JM4I4MD4YABYFHSBDDOUFDGIFJKL/