{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-48279", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-03T15:10:59.557Z", "dateReserved": "2023-01-20T00:00:00", "datePublished": "2023-01-20T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-04-22T00:00:00"}, "descriptions": [{"lang": "en", "value": "In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.6"}, {"url": "https://github.com/SpiderLabs/ModSecurity/pull/2797"}, {"url": "https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.8"}, {"url": "https://github.com/SpiderLabs/ModSecurity/pull/2795"}, {"url": "https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/"}, {"name": "[debian-lts-announce] 20230126 [SECURITY] [DLA 3283-1] modsecurity-apache security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00023.html"}, {"name": "FEDORA-2023-8aa264d5c5", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WCH6JM4I4MD4YABYFHSBDDOUFDGIFJKL/"}, {"name": "FEDORA-2023-09f0496e60", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/52TGCZCOHYBDCVWJYNN2PS4QLOHCXWTQ/"}, {"name": "FEDORA-2023-bc61f7a145", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYRTXTOQQI6SB2TLI5QXU76DURSLS4XI/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:10:59.557Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.6", "tags": ["x_transferred"]}, {"url": "https://github.com/SpiderLabs/ModSecurity/pull/2797", "tags": ["x_transferred"]}, {"url": "https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.8", "tags": ["x_transferred"]}, {"url": "https://github.com/SpiderLabs/ModSecurity/pull/2795", "tags": ["x_transferred"]}, {"url": "https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20230126 [SECURITY] [DLA 3283-1] modsecurity-apache security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00023.html"}, {"name": "FEDORA-2023-8aa264d5c5", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WCH6JM4I4MD4YABYFHSBDDOUFDGIFJKL/"}, {"name": "FEDORA-2023-09f0496e60", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/52TGCZCOHYBDCVWJYNN2PS4QLOHCXWTQ/"}, {"name": "FEDORA-2023-bc61f7a145", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYRTXTOQQI6SB2TLI5QXU76DURSLS4XI/"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trustwave:modsecurity:*:*:*:*:*:*:*:*", "matchCriteriaId": "54497FC8-5BF6-4E81-9C7E-F01AEBCB2AD1", "versionEndExcluding": "2.9.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:trustwave:modsecurity:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3B974C9-92E4-4493-9C5F-8CF1F8A74068", "versionEndExcluding": "3.0.8", "versionStartIncluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase."}, {"lang": "es", "value": "En ModSecurity anterior a 2.9.6 y 3.x anterior a 3.0.8, las solicitudes HTTP multiparte se analizaban incorrectamente y pod\u00edan omitir el Firewall de aplicaciones web. NOTA: esto est\u00e1 relacionado con CVE-2022-39956, pero puede considerarse cambios independientes en el c\u00f3digo base de ModSecurity (lenguaje C)."}], "id": "CVE-2022-48279", "lastModified": "2023-11-07T03:56:31.337", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-20T19:15:17.783", "references": [{"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/SpiderLabs/ModSecurity/pull/2795"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/SpiderLabs/ModSecurity/pull/2797"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.6"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.8"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00023.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/52TGCZCOHYBDCVWJYNN2PS4QLOHCXWTQ/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYRTXTOQQI6SB2TLI5QXU76DURSLS4XI/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WCH6JM4I4MD4YABYFHSBDDOUFDGIFJKL/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-436"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:4629", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2023-08-15T00:00:00Z"}, {"advisory": "RHSA-2023:4629", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2023-08-15T00:00:00Z"}, {"advisory": "RHSA-2023:4628", "cpe": "cpe:/a:redhat:jboss_core_services:1", "package": "mod_security", "product_name": "Red Hat JBoss Core Services 1", "release_date": "2023-08-15T00:00:00Z"}], "bugzilla": {"description": "mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass", "id": "2163622", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163622"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-1389", "details": ["In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase.", "A vulnerability was found in ModSecurity. This issue occurs when HTTP multipart requests are incorrectly parsed and could bypass the Web Application Firewall. NOTE: This is related to CVE-2022-39956, but can be considered independent changes to the ModSecurity (C language) codebase."], "name": "CVE-2022-48279", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "mod_security", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "mod_security", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "mod_security", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "httpd24-mod_security", "product_name": "Red Hat Software Collections"}], "public_date": "2023-01-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-48279\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48279"], "threat_severity": "Moderate", "upstream_fix": "ModSecurity 2.9.6, ModSecurity 3.0.8"}