Download
| Alert*
|
oval:org.secpod.oval:def:1600114
apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header. oval:org.secpod.oval:def:1600115 mod24_security is installed oval:org.secpod.oval:def:1601734 In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity codebase |
