high
7.5
CWE
116 863
Advisory Published
Updated

CVE-2022-39958: Response body bypass in OWASP ModSecurity Core Rule Set via repeated HTTP Range header submission with a small byte range

First published: Tue Sep 20 2022(Updated: )

The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range. A restricted resource, access to which would ordinarily be detected, may be exfiltrated from the backend, despite being protected by a web application firewall that uses CRS. Short subsections of a restricted resource may bypass pattern matching techniques and allow undetected access. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised to upgrade to 3.2.2 and 3.3.3 respectively and to configure a CRS paranoia level of 3 or higher.

Credit: vulnerability@ncsc.ch

Affected SoftwareAffected VersionHow to fix
Owasp Owasp Modsecurity Core Rule Set>=3.0.0<3.2.2
Owasp Owasp Modsecurity Core Rule Set>=3.3.0<3.3.3
Fedoraproject Fedora=35
Fedoraproject Fedora=36
Fedoraproject Fedora=37
Debian Debian Linux=10.0

Remedy

https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/

Remedy

upgrade to 3.2.2 or 3.3.3 and configure a CRS paranoia level of 3 or higher.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2022-39958?

    CVE-2022-39958 is a vulnerability in the OWASP ModSecurity Core Rule Set (CRS) that allows for the sequential exfiltration of small and undetectable sections of data.

  • How does CVE-2022-39958 work?

    CVE-2022-39958 works by repeatedly submitting an HTTP Range header field with a small byte range, bypassing the response body and allowing for data exfiltration.

  • Which software is affected by CVE-2022-39958?

    The OWASP ModSecurity Core Rule Set (CRS) versions 3.0.0 to 3.2.2 and versions 3.3.0 to 3.3.3 are affected by CVE-2022-39958. Additionally, Fedora versions 35, 36, and 37, as well as Debian Linux 10.0, are also affected.

  • What is the severity of CVE-2022-39958?

    CVE-2022-39958 has a severity score of 7.5, indicating a high level of vulnerability.

  • How can CVE-2022-39958 be fixed?

    To fix CVE-2022-39958, it is recommended to update to the latest versions of the OWASP ModSecurity Core Rule Set (CRS) or apply the necessary patches provided by the software vendor.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203