Back to bug 2131321

Who	When	What	Removed	Added
Guilherme de Almeida Suckevicz	2022-09-30 17:11:58 UTC	Depends On		2131322
Guilherme de Almeida Suckevicz	2022-09-30 18:16:53 UTC	Depends On		2131351, 2131350
Guilherme de Almeida Suckevicz	2022-10-06 18:54:04 UTC	Doc Text		A flaw was found in the OWASP ModSecurity Core Rule Set. Repeated payloads with a HTTP range header field with a small byte range allows a response body bypass, resulting in access to restricted resources.
Paige Jung	2022-10-06 20:36:29 UTC	Doc Text	A flaw was found in the OWASP ModSecurity Core Rule Set. Repeated payloads with a HTTP range header field with a small byte range allows a response body bypass, resulting in access to restricted resources.	A flaw was found in the OWASP ModSecurity Core Rule Set. Repeated payloads with a HTTP range header field with a small byte range allows a response body bypass, resulting in access to restricted resources. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised to upgrade to 3.2.2 and 3.3.3 respectively, and configure a CRS paranoia level of 3 or higher.
Guilherme de Almeida Suckevicz	2022-10-07 13:59:34 UTC	Doc Text	A flaw was found in the OWASP ModSecurity Core Rule Set. Repeated payloads with a HTTP range header field with a small byte range allows a response body bypass, resulting in access to restricted resources. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised to upgrade to 3.2.2 and 3.3.3 respectively, and configure a CRS paranoia level of 3 or higher.	A flaw was found in the OWASP ModSecurity Core Rule Set. Repeated payloads with a HTTP range header field with a small byte range allows a response body bypass, resulting in access to restricted resources.
Red Hat Bugzilla	2023-07-07 08:35:45 UTC	Assignee	security-response-team	nobody

Back to bug 2131321