CVE-2022-48279

High

In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application…

mitre·CWE-436·Published 2023-01-20

CVSS

7.5

EPSS

0.01

KEV

Exploits

cve.orgen

268 chars

In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase.

NVDen

268 chars

NVDes

308 chars

En ModSecurity anterior a 2.9.6 y 3.x anterior a 3.0.8, las solicitudes HTTP multiparte se analizaban incorrectamente y podían omitir el Firewall de aplicaciones web. NOTA: esto está relacionado con CVE-2022-39956, pero puede considerarse cambios independientes en el código base de ModSecurity (lenguaje C).

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	7.5	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N