Back to bug 2131317
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Guilherme de Almeida Suckevicz | 2022-09-30 17:04:08 UTC | Depends On | 2131318 | |
| Guilherme de Almeida Suckevicz | 2022-09-30 18:15:56 UTC | Depends On | 2131346, 2131347 | |
| Guilherme de Almeida Suckevicz | 2022-10-06 18:44:27 UTC | Doc Text | A flaw was found in the OWASP ModSecurity Core Rule Set. A payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields allows HTTP multipart requests to bypass detection. | |
| Paige Jung | 2022-10-06 20:32:29 UTC | Doc Text | A flaw was found in the OWASP ModSecurity Core Rule Set. A payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields allows HTTP multipart requests to bypass detection. | A flaw was found in the OWASP ModSecurity Core Rule Set. A payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields allows HTTP multipart requests to bypass detection. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised upgrade to 3.2.2 and 3.3.3 respectively. |
| Guilherme de Almeida Suckevicz | 2022-10-07 13:57:07 UTC | Doc Text | A flaw was found in the OWASP ModSecurity Core Rule Set. A payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields allows HTTP multipart requests to bypass detection. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised upgrade to 3.2.2 and 3.3.3 respectively. | A flaw was found in the OWASP ModSecurity Core Rule Set. A payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields allows HTTP multipart requests to bypass detection. |
| Werner Klein | 2022-10-12 05:32:41 UTC | CC | werner.klein | |
| Red Hat Bugzilla | 2023-07-07 08:27:49 UTC | Assignee | security-response-team | nobody |
Back to bug 2131317