OWASP · OWASP Core Rule Set · CVE-2026-21876
**Name of the Vulnerable Software and Affected Versions**
OWASP Core Rule Set versions prior to 4.22.0
OWASP Core Rule Set versions prior to 3.3.8
**Description**
A bug in rule 922110 occurs when processing multipart requests containing multiple parts. When the first rule in a chain iterates over a collection, such as `MULTIPART_PART_HEADERS`, the capture variables `TX:0` and `TX:1` are overwritten during each iteration. Consequently, only the last captured value is available to the chained rule. This allows attackers to bypass charset validation by placing a malicious charset (e.g., UTF-7 for XSS) in an early part of the request and a legitimate charset in a subsequent part, causing the WAF to overlook the malicious payload.
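The overwrite behaviour described above can be reproduced in a simplified Python model. This is an added example, not CRS rule code or the ModSecurity engine. The allow-list, the function names and the sample request are assumptions constructed for illustration.

```python
import re

# Assumption: illustrative allow-list, not the value CRS ships with.
ALLOWED_CHARSETS = {"utf-8", "iso-8859-1", "iso-8859-15", "windows-1252"}
CHARSET_RE = re.compile(r"charset\s*=\s*[\"']?([^;\"'\s]+)", re.IGNORECASE)

# Constructed sample: disallowed charset in part 1, allowed charset in part 2.
BOUNDARY = "constructed-boundary"
SAMPLE = (
    b"--constructed-boundary\r\n"
    b'Content-Disposition: form-data; name="a"\r\n'
    b"Content-Type: text/plain; charset=utf-7\r\n\r\n"
    b"placeholder\r\n"
    b"--constructed-boundary\r\n"
    b'Content-Disposition: form-data; name="b"\r\n'
    b"Content-Type: text/plain; charset=utf-8\r\n\r\n"
    b"placeholder\r\n"
    b"--constructed-boundary--\r\n"
)

def part_headers(body, boundary):
    """Collect the header lines of every part, in request order."""
    headers = []
    for chunk in body.split(b"--" + boundary.encode())[1:]:
        if chunk.startswith(b"--"):  # closing delimiter reached
            break
        head, _, _ = chunk.partition(b"\r\n\r\n")
        headers += [h.decode("latin-1") for h in head.split(b"\r\n") if h]
    return headers

def chain_last_capture(headers):
    """Model of the flaw: each match overwrites the capture, so the
    follow-up check only ever sees the last charset. True means blocked."""
    tx1 = None
    for h in headers:
        m = CHARSET_RE.search(h)
        if m:
            tx1 = m.group(1).lower()  # previous capture is lost here
    return tx1 is not None and tx1 not in ALLOWED_CHARSETS

def check_every_part(headers):
    """Contrast: validate each captured charset as it is seen."""
    return any(m.group(1).lower() not in ALLOWED_CHARSETS
               for h in headers if (m := CHARSET_RE.search(h)))

if __name__ == "__main__":
    hdrs = part_headers(SAMPLE, BOUNDARY)
    print("last-capture check blocks:", chain_last_capture(hdrs))
    print("per-part check blocks:   ", check_every_part(hdrs))
```

The same per-part comparison can be used as a regression test against a WAF after upgrading: a request shaped like the sample should be blocked regardless of part order.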
**Recommendations**
Update to version 4.22.0.
Update to version 3.3.8.
As a temporary workaround, consider disabling rule 922110, although this weakens overall protection.