CWE
116 863
Advisory Published
CVE Published
Updated

CVE-2022-39956: Partial rule set bypass in OWASP ModSecurity Core Rule Set for HTTP multipart requests using character encoding in the Content-Type or Content-Transfer-Encoding header

First published: Mon Sep 19 2022(Updated: )

A flaw was found in the OWASP ModSecurity Core Rule Set. A payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields allows HTTP multipart requests to bypass detection.

Credit: vulnerability@ncsc.ch

Affected SoftwareAffected VersionHow to fix
redhat/mod_security_crs<3.2.2
3.2.2
redhat/mod_security_crs<3.3.3
3.3.3
Owasp Owasp Modsecurity Core Rule Set>=3.0.0<3.2.2
Owasp Owasp Modsecurity Core Rule Set>=3.3.0<3.3.3
Fedoraproject Fedora=35
Fedoraproject Fedora=36
Fedoraproject Fedora=37
Debian Debian Linux=10.0

Remedy

upgrade to 3.2.2 or 3.3.3

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is CVE-2022-39956?

    CVE-2022-39956 is a vulnerability in the OWASP ModSecurity Core Rule Set that allows for a partial rule set bypass in HTTP multipart requests.

  • What is the severity of CVE-2022-39956?

    CVE-2022-39956 has a severity rating of 9.8 (Critical).

  • How does CVE-2022-39956 affect OWASP ModSecurity Core Rule Set?

    CVE-2022-39956 affects the OWASP ModSecurity Core Rule Set by allowing a bypass for HTTP multipart requests using certain payload character encoding schemes.

  • Which versions of OWASP ModSecurity Core Rule Set are affected by CVE-2022-39956?

    Versions 3.0.0 to 3.2.2 and versions 3.3.0 to 3.3.3 of the OWASP ModSecurity Core Rule Set are affected by CVE-2022-39956.

  • How can I fix CVE-2022-39956?

    To fix CVE-2022-39956, it is recommended to update to version 3.2.3 or higher for versions 3.0.0 to 3.2.2, and update to version 3.3.4 or higher for versions 3.3.0 to 3.3.3 of the OWASP ModSecurity Core Rule Set.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203