CVE-2022-48279

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions ModSecurity versions prior to 2.9.6 ModSecurity versions 3.x prior to 3.0.8

Description The issue is related to the incorrect parsing of HTTP multipart requests, which could allow an attacker to bypass the Web Application Firewall. This is due to a flaw in the analysis of HTTP requests.

Recommendations For ModSecurity versions prior to 2.9.6, update to version 2.9.6 or later. For ModSecurity versions 3.x prior to 3.0.8, update to version 3.0.8 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-436

Related Identifiers

ALT-PU-2022-3292

ALT-PU-2023-1799

AZL-43705

AZL-45216

BDU:2024-04426

BIT-MODSECURITY-2022-48279

BIT-MODSECURITY2-2022-48279

CVE-2022-48279

DLA-3283-1

MGASA-2023-0175

OESA-2024-1334

OESA-2024-1375

OESA-2024-1376

OESA-2024-1377

OESA-2024-1378

OESA-2024-1512

OPENSUSE-SU-2023_0314-1

OPENSUSE-SU-2025:14703-1

RHSA-2023:4629

SUSE-SU-2023:0314-1

SUSE-SU-2023:0317-1

SUSE-SU-2023:0318-1

SUSE-SU-2023_0314-1

SUSE-SU-2023_0317-1

SUSE-SU-2023_0318-1

USN-6370-1

Affected Products

Alt Linux

Debian

Linuxmint

Modsecurity

Red Os

Suse

Ubuntu

CVE-2022-48279

Weakness Enumeration

Related Identifiers

Affected Products

References · 56