Lucene search

CVE-2022-48279

🗓️ 20 Jan 2023 19:17:15Reported by mitreType

ModSecurity versions 2.9.6 & 3.x allow bypass of WAF via incorrect parsing of HTTP multipart requests

Reporter	Title	Published	Views	Family All 89
Tenable Nessus	SUSE SLES12 Security Update : apache2-mod_security2 (SUSE-SU-2023:0318-1)	14 Feb 202300:00	–	nessus
Tenable Nessus	SUSE SLES15 Security Update : apache2-mod_security2 (SUSE-SU-2023:0317-1)	14 Feb 202300:00	–	nessus
Tenable Nessus	Amazon Linux AMI : mod_security (ALAS-2023-1763)	9 Jun 202300:00	–	nessus
Tenable Nessus	Amazon Linux AMI : mod24_security (ALAS-2023-1772)	3 Jul 202300:00	–	nessus
Tenable Nessus	SUSE SLES15 / openSUSE 15 Security Update : apache2-mod_security2 (SUSE-SU-2023:0314-1)	14 Feb 202300:00	–	nessus
Tenable Nessus	RHEL 7 : mod_security (Unpatched Vulnerability)	11 May 202400:00	–	nessus
Tenable Nessus	Debian dla-3283 : libapache2-mod-security2 - security update	27 Jan 202300:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP5 : mod_security (EulerOS-SA-2023-2160)	9 Jun 202300:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP8 : mod_security (EulerOS-SA-2023-1601)	13 Apr 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : mod_security (ALAS-2023-2098)	1 Jul 202300:00	–	nessus

Nvd

Node

trustwave modsecurityRange<2.9.6

trustwave modsecurityRange3.0.0–3.0.8

Node

debian debian_linuxMatch10.0

Source	Link
github	www.github.com/SpiderLabs/ModSecurity/pull/2797
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYRTXTOQQI6SB2TLI5QXU76DURSLS4XI/
coreruleset	www.coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/52TGCZCOHYBDCVWJYNN2PS4QLOHCXWTQ/
lists	www.lists.debian.org/debian-lts-announce/2023/01/msg00023.html
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WCH6JM4I4MD4YABYFHSBDDOUFDGIFJKL/
github	www.github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.6
github	www.github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.8
github	www.github.com/SpiderLabs/ModSecurity/pull/2795

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

20 Jan 2023 19:15Current

8.4High risk

Vulners AI Score8.4

CVSS37.5

EPSS0.01015

CWE-436