CVE-2022-48279
Advisory lineage Upstream: 0 Downstream: 10
Modified
Published: 20 Jan 2023, 00:00
Last modified:03 Apr 2025, 18:43
Vulnerability Summary
Overall Risk (default)
medium
30/100 CVSS Score
7.5 HIGH
v3.1 (cve.org)
EPSS Score
0.94% LOW
1% probability +0.33%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
20 Jan 2023, 00:00
Published
Vulnerability first disclosed
03 Apr 2025, 18:43
Last Modified
Vulnerability information updated
Description
In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase.
CVSS Metrics
- v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Trends
Current EPSS score: 0.94%• Percentile: 77%
Techniques & Countermeasures
- CWE-436•Interpretation Conflict
Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.
Affected Systems
- debian•debian_linux
10.0
- owasp•modsecurity
≥ 3.0.0, < 3.0.8
- trustwave•modsecurity
< 2.9.6
References (9)
- https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.6
- https://github.com/SpiderLabs/ModSecurity/pull/2797
- https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.8
- https://github.com/SpiderLabs/ModSecurity/pull/2795
- https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
- https://lists.debian.org/debian-lts-announce/2023/01/msg00023.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WCH6JM4I4MD4YABYFHSBDDOUFDGIFJKL/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/52TGCZCOHYBDCVWJYNN2PS4QLOHCXWTQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYRTXTOQQI6SB2TLI5QXU76DURSLS4XI/