First published: Mon Sep 19 2022(Updated: )
A flaw was found in the OWASP ModSecurity Core Rule Set. A payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields allows HTTP multipart requests to bypass detection.
Credit: vulnerability@ncsc.ch
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/mod_security_crs | <3.2.2 | 3.2.2 |
redhat/mod_security_crs | <3.3.3 | 3.3.3 |
Owasp Owasp Modsecurity Core Rule Set | >=3.0.0<3.2.2 | |
Owasp Owasp Modsecurity Core Rule Set | >=3.3.0<3.3.3 | |
Fedoraproject Fedora | =35 | |
Fedoraproject Fedora | =36 | |
Fedoraproject Fedora | =37 | |
Debian Debian Linux | =10.0 |
upgrade to 3.2.2 or 3.3.3
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-39956 is a vulnerability in the OWASP ModSecurity Core Rule Set that allows for a partial rule set bypass in HTTP multipart requests.
CVE-2022-39956 has a severity rating of 9.8 (Critical).
CVE-2022-39956 affects the OWASP ModSecurity Core Rule Set by allowing a bypass for HTTP multipart requests using certain payload character encoding schemes.
Versions 3.0.0 to 3.2.2 and versions 3.3.0 to 3.3.3 of the OWASP ModSecurity Core Rule Set are affected by CVE-2022-39956.
To fix CVE-2022-39956, it is recommended to update to version 3.2.3 or higher for versions 3.0.0 to 3.2.2, and update to version 3.3.4 or higher for versions 3.3.0 to 3.3.3 of the OWASP ModSecurity Core Rule Set.