CVE-2022-48279
Summary
| CVE | CVE-2022-48279 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-01-20 19:15:00 UTC |
| Updated | 2023-11-07 03:56:00 UTC |
| Description | In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Release v3.0.8 · SpiderLabs/ModSecurity · GitHub | MISC | github.com | |
| [SECURITY] Fedora 38 Update: mod_security-2.9.7-1.fc38 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 37 Update: mod_security-2.9.7-1.fc37 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| Multipart parsing fixes and new MULTIPART_PART_HEADERS collection by martinhsv · Pull Request #2795 · SpiderLabs/ModSecurity · GitHub | MISC | github.com | |
| [SECURITY] Fedora 37 Update: mod_security-2.9.7-1.fc37 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| CRS Version 3.3.3 and 3.2.2 (covering several CVEs) – OWASP ModSecurity Core Rule Set | MISC | coreruleset.org | |
| [SECURITY] Fedora 38 Update: mod_security-2.9.7-1.fc38 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| Multipart parsing fixes and new MULTIPART_PART_HEADERS collection by martinhsv · Pull Request #2797 · SpiderLabs/ModSecurity · GitHub | MISC | github.com | |
| [SECURITY] Fedora 36 Update: mod_security-2.9.7-1.fc36 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] [DLA 3283-1] modsecurity-apache security update | MLIST | lists.debian.org | |
| [SECURITY] Fedora 36 Update: mod_security-2.9.7-1.fc36 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| Release v2.9.6 · SpiderLabs/ModSecurity · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 181504 Debian Security Update for modsecurity-apache (DLA 3283-1)
- 184187 Debian Security Update for modsecurity-apachemodsecurity (CVE-2022-48279)
- 199752 Ubuntu Security Notification for ModSecurity Vulnerabilities (USN-6370-1)
- 241954 Red Hat Update for JBoss Core Services (RHSA-2023:4629)
- 283914 Fedora Security Update for mod_security (FEDORA-2023-8aa264d5c5)
- 283915 Fedora Security Update for mod_security (FEDORA-2023-09f0496e60)
- 284175 Fedora Security Update for mod_security (FEDORA-2023-bc61f7a145)
- 355424 Amazon Linux Security Advisory for mod_security : ALAS-2023-1763
- 355514 Amazon Linux Security Advisory for mod_security : AL2012-2023-413
- 355544 Amazon Linux Security Advisory for mod_security : ALAS2-2023-2098
- 355560 Amazon Linux Security Advisory for mod24_security : ALAS-2023-1772
- 672871 EulerOS Security Update for mod_security (EulerOS-SA-2023-1601)
- 673115 EulerOS Security Update for mod_security (EulerOS-SA-2023-2160)
- 753652 SUSE Enterprise Linux Security Update for apache2-mod_security2 (SUSE-SU-2023:0314-1)
- 753654 SUSE Enterprise Linux Security Update for apache2-mod_security2 (SUSE-SU-2023:0318-1)
- 753655 SUSE Enterprise Linux Security Update for apache2-mod_security2 (SUSE-SU-2023:0317-1)