Back to bug 2131315
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Guilherme de Almeida Suckevicz | 2022-09-30 16:53:03 UTC | Depends On | 2131316 | |
| Guilherme de Almeida Suckevicz | 2022-09-30 16:53:20 UTC | Blocks | 2128790 | |
| Guilherme de Almeida Suckevicz | 2022-09-30 18:15:29 UTC | Depends On | 2131341, 2131342 | |
| Guilherme de Almeida Suckevicz | 2022-10-06 18:42:49 UTC | Doc Text | A flaw was found in the OWASP ModSecurity Core Rule Set. A specially crafted HTTP Content-Type header field allows an encoded payload bypass detection and be decoded in the back-end application. | |
| Paige Jung | 2022-10-06 20:29:40 UTC | Doc Text | A flaw was found in the OWASP ModSecurity Core Rule Set. A specially crafted HTTP Content-Type header field allows an encoded payload bypass detection and be decoded in the back-end application. | A flaw was found in the OWASP ModSecurity Core Rule Set. A specially crafted HTTP Content-Type header field allows an encoded payload bypass detection, which may be decoded in the back-end application. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised to upgrade to 3.2.2 and 3.3.3 respectively. |
| Guilherme de Almeida Suckevicz | 2022-10-07 13:56:28 UTC | Doc Text | A flaw was found in the OWASP ModSecurity Core Rule Set. A specially crafted HTTP Content-Type header field allows an encoded payload bypass detection, which may be decoded in the back-end application. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised to upgrade to 3.2.2 and 3.3.3 respectively. | A flaw was found in the OWASP ModSecurity Core Rule Set. A specially crafted HTTP Content-Type header field allows an encoded payload bypass detection, which may be decoded in the back-end application. |
| Red Hat Bugzilla | 2023-07-07 08:30:13 UTC | Assignee | security-response-team | nobody |
Back to bug 2131315