PT-2023-9179 · Unknown+6 · Modsecurity+6

Coldtobi

Publicado

2022-12-06

Atualizado

2025-07-03

CVE-2022-48279

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions ModSecurity versions prior to 2.9.6 ModSecurity versions 3.x prior to 3.0.8

Description The issue is related to the incorrect parsing of HTTP multipart requests, which could allow an attacker to bypass the Web Application Firewall. This is due to a flaw in the analysis of HTTP requests.

Recommendations For ModSecurity versions prior to 2.9.6, update to version 2.9.6 or later. For ModSecurity versions 3.x prior to 3.0.8, update to version 3.0.8 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-436

Identificadores relacionados

ALT-PU-2022-3292

ALT-PU-2023-1799

AZL-43705

AZL-45216

BDU:2024-04426

BIT-MODSECURITY-2022-48279

BIT-MODSECURITY2-2022-48279

CVE-2022-48279

DLA-3283-1

MGASA-2023-0175

OESA-2024-1334

OESA-2024-1375

OESA-2024-1376

OESA-2024-1377

OESA-2024-1378

OESA-2024-1512

OPENSUSE-SU-2023_0314-1

OPENSUSE-SU-2025:14703-1

RHSA-2023:4629

SUSE-SU-2023:0314-1

SUSE-SU-2023:0317-1

SUSE-SU-2023:0318-1

SUSE-SU-2023_0314-1

SUSE-SU-2023_0317-1

SUSE-SU-2023_0318-1

USN-6370-1

Produtos afetados

Alt Linux

Debian

Linuxmint

Modsecurity

Red Os

Suse

Ubuntu

PT-2023-9179 · Unknown+6 · Modsecurity+6

CVE-2022-48279

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 56