Skip to main content

Owasp Modsecurity Core Rule Set CVE-2021-35368

CRITICAL
2021-11-05 cve@mitre.org
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 05, 2021 - 18:15 nvd
CRITICAL 9.8

DescriptionNVD

OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname.

AnalysisAI

OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname. Affected products include: Owasp Owasp Modsecurity Core Rule Set, Fedoraproject Fedora, Debian Debian Linux. Version information: before 3.1.2.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2026-21876 CRITICAL POC
9.3 Jan 08

OWASP Core Rule Set (CRS) before 4.22.0 and 3.3.8 has a bug in rule 922110 that allows WAF bypass on multipart requests.

CVE-2019-13464 HIGH POC
7.5 Jul 09

An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) 3.0.2. Rated high severity (CVSS 7.5), this vulnerabili

CVE-2018-16384 HIGH POC
7.5 Sep 03

A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0

CVE-2022-39956 CRITICAL
9.8 Sep 20

The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submit

CVE-2022-39955 CRITICAL
9.8 Sep 20

The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a specially crafted HTT

CVE-2019-11391 MEDIUM POC
5.3 Apr 21

An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. Rated medium severity (CVSS 5.3), this v

CVE-2019-11390 MEDIUM POC
5.3 Apr 21

An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. Rated medium severity (CVSS 5.3), this v

CVE-2019-11389 MEDIUM POC
5.3 Apr 21

An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. Rated medium severity (CVSS 5.3), this v

CVE-2019-11388 MEDIUM POC
5.3 Apr 21

An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. Rated medium severity (CVSS 5.3), this v

CVE-2022-39958 HIGH
7.5 Sep 20

The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and und

CVE-2022-39957 HIGH
7.5 Sep 20

The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. Rated high severity (CVSS 7.5), this vu

CVE-2019-11387 MEDIUM
5.3 Apr 21

An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. Rated medium severity (CVSS 5.3), this v

Share

CVE-2021-35368 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy