CVE-2021-35368 Information
Jun 07, 2022
cve
Description
OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2 3.2.x before 3.2.1 and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://portswigger.net/daily-swig/waf-bypass-severe-owasp-modsecurity-core-rule-set-bug-was-present-for-several-years https://portswigger.net/daily-swig/lessons-learned-how-a-severe-vulnerability-in-the-owasp-modsecurity-core-rule-set-sparked-much-needed-change https://coreruleset.org/20210630/cve-2021-35368-crs-request-body-bypass/ https://owasp.org/www-project-modsecurity-core-rule-set/
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8
Share on: