CVE-2022-48279: 
NixOS vulnerability analysis and mitigation

CVE-2022-48279 affects ModSecurity versions before 2.9.6 and 3.x before 3.0.8, where HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. This vulnerability was discovered during a bug bounty program organized by Yahoo and Intigriti, and while related to CVE-2022-39956, it represents independent changes to the ModSecurity C language codebase (Core Rule Set).

The vulnerability has a CVSS v3.1 Base Score of 7.5 (HIGH) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. The issue stems from incorrect parsing of HTTP multipart requests, specifically related to how ModSecurity processes multipart MIME header fields. The vulnerability is associated with CWE-436 (Interpretation Conflict) (NVD).

When exploited, this vulnerability allows attackers to bypass the Web Application Firewall protections by submitting specially crafted HTTP multipart requests. This bypass could potentially expose protected web applications to various attacks that would normally be blocked by the WAF (Core Rule Set).

The vulnerability has been fixed in ModSecurity versions 2.9.6 and 3.0.8. Users are strongly advised to upgrade to these versions or later. The fix includes multipart parsing improvements and the introduction of a new MULTIPARTPARTHEADERS collection (ModSecurity v2.9.6, ModSecurity v3.0.8).