{"vulnerability": "CVE-2023-38199", "sightings": [{"uuid": "a82560ec-f42e-40a9-a1c9-2dc1f226de3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38199", "type": "seen", "source": "https://t.me/cibsecurity/66617", "content": "\u203c CVE-2023-38199 \u203c\n\ncoreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not block multiple Content-Type headers, which might allow attackers to bypass a WAF with a crafted payload, aka \"Content-Type confusion.\" This occurs when the web application relies on only the last Content-Type header.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-13T07:45:14.000000Z"}, {"uuid": "4797257d-9c03-4996-a9b7-8b7d931b2641", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38199", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3mfhjl3rkrk2o", "content": "", "creation_timestamp": "2026-02-22T16:09:51.463710Z"}]}