CVE-2022-48279
CVSS V2 None
CVSS V3 None
Description
In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase.
Overview
- CVE ID: CVE-2022-48279
- Assigner: cve@mitre.org
- Vulnerability Status: Modified
- Published Version: 2023-01-20T19:15:17
- Last Modified Date: 2023-04-22T03:15:08
Weakness Enumerations
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End |
---|---|---|---|---|
cpe:2.3:a:trustwave:modsecurity:*:*:*:*:*:*:*:* | 1 | OR | | 2.9.6 |
cpe:2.3:a:trustwave:modsecurity:*:*:*:*:*:*:*:* | 1 | OR | 3.0.0 | 3.0.8 |
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* | 1 | OR | | |
References
Reference URL | Reference Tags |
---|---|
https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/ | Not Applicable |
https://github.com/SpiderLabs/ModSecurity/pull/2795 | Patch Third Party Advisory |
https://github.com/SpiderLabs/ModSecurity/pull/2797 | Patch Third Party Advisory |
https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.6 | Release Notes Third Party Advisory |
https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.8 | Release Notes Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2023/01/msg00023.html | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/52TGCZCOHYBDCVWJYNN2PS4QLOHCXWTQ/ | |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYRTXTOQQI6SB2TLI5QXU76DURSLS4XI/ | |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCH6JM4I4MD4YABYFHSBDDOUFDGIFJKL/ | |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-48279 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48279 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2023-01-20 21:14:27 | Added to TrackCVE | | | |
2023-01-23 15:14:25 | | 2023-01-23T15:08:08 | CVE Modified Date | updated |
2023-01-23 15:14:25 | Received | Awaiting Analysis | Vulnerability Status | updated |
2023-01-26 23:15:32 | | 2023-01-26T21:18:06 | CVE Modified Date | updated |
2023-01-26 23:15:33 | | | References | updated |
2023-01-31 12:13:28 | Awaiting Analysis | Undergoing Analysis | Vulnerability Status | updated |
2023-02-02 15:14:47 | | 2023-02-02T14:20:11 | CVE Modified Date | updated |
2023-02-02 15:14:47 | Undergoing Analysis | Analyzed | Vulnerability Status | updated |
2023-02-02 15:14:47 | | | Weakness Enumeration | new |
2023-02-02 15:14:48 | | | CPE Information | updated |
2023-04-22 04:02:48 | | 2023-04-22T03:15:08 | CVE Modified Date | updated |
2023-04-22 04:02:48 | Analyzed | Modified | Vulnerability Status | updated |
2023-04-22 04:02:49 | | | References | updated |