Owasp Modsecurity Core Rule Set
CVE-2021-35368
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname.
AnalysisAI
OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname. Affected products include: Owasp Owasp Modsecurity Core Rule Set, Fedoraproject Fedora, Debian Debian Linux. Version information: before 3.1.2.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
OWASP Core Rule Set (CRS) before 4.22.0 and 3.3.8 has a bug in rule 922110 that allows WAF bypass on multipart requests.
An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) 3.0.2. Rated high severity (CVSS 7.5), this vulnerabili
A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0
The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submit
The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a specially crafted HTT
An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. Rated medium severity (CVSS 5.3), this v
An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. Rated medium severity (CVSS 5.3), this v
An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. Rated medium severity (CVSS 5.3), this v
An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. Rated medium severity (CVSS 5.3), this v
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and und
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. Rated high severity (CVSS 7.5), this vu
An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. Rated medium severity (CVSS 5.3), this v
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today