Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2022-48279

In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase. (CVE-2022-48279)

Source

ALAS-2023-1772

Amazon Linux AMI Security Advisory: ALAS-2023-1772
Advisory Release Date: 2023-06-21 19:11 Pacific
Advisory Updated Date: 2023-06-29 23:52 Pacific

Severity: Medium

References: CVE-2022-48279
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase. (CVE-2022-48279)

Affected Packages:

mod24_security

Issue Correction:
Run yum update mod24_security to update your system.

New Packages:

i686:
    mod24_security-2.8.0-5.28.amzn1.i686
    mlogc24-2.8.0-5.28.amzn1.i686
    mod24_security-debuginfo-2.8.0-5.28.amzn1.i686

src:
    mod24_security-2.8.0-5.28.amzn1.src

x86_64:
    mod24_security-debuginfo-2.8.0-5.28.amzn1.x86_64
    mod24_security-2.8.0-5.28.amzn1.x86_64
    mlogc24-2.8.0-5.28.amzn1.x86_64

Additional References

Red Hat: CVE-2022-48279

Mitre: CVE-2022-48279

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

ALAS-2023-1772

ALAS-2023-1772

Additional References

Vulmon Search

About

Products

Connect