2 matches found
SUSE CVE-2022-39955
The OWASP ModSecurity Core Rule Set CRS is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes. A vulnerable back-end can potentially be exploited by declaring multiple Content-Type "charset" nam...
PT-2022-25142 · Owasp +1 · Owasp Modsecurity Core Rule Set +1
Name of the Vulnerable Software and Affected Versions: OWASP ModSecurity Core Rule Set CRS versions 3.0.x through 3.3.2 Description: The issue concerns a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes. A...