Lucene search
MitreCVELIST:CVE-2023-38199HistoryJul 13, 2023 - 12:00 a.m.
CVE-2023-38199
2023-07-1300:00:00
mitre
www.cve.org
cve-2023-38199
coreruleset
content-type confusion
waf
crafted payload
web application
malformed header
coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not detect multiple Content-Type request headers on some platforms. This might allow attackers to bypass a WAF with a crafted payload, aka “Content-Type confusion” between the WAF and the backend application. This occurs when the web application relies on only the last Content-Type header. Other platforms may reject the additional Content-Type header or merge conflicting headers, leading to detection as a malformed header.
Related
cve
cve
CVE-2023-38199
2023-07-13 03:15:10
osv
osv
CVE-2023-38199
2023-07-13 03:15:10
ubuntucve
ubuntucve
CVE-2023-38199
2023-07-13 00:00:00
nvd
nvd
CVE-2023-38199
2023-07-13 03:15:10
debiancve
debiancve
CVE-2023-38199
2023-07-13 03:15:10
prion
prion
Type confusion
2023-07-13 03:15:00
veracode
veracode
Type Confusion
2023-08-05 20:12:58
ics
ics
Siemens SINEC NMS
2024-02-15 12:00:00
nessus
nessus
Siemens SINEC NMS < V2.0 SP1 Multiple Vulnerabilities
2024-02-29 00:00:00