Unrated severity · NVD Advisory · Published Nov 5, 2021 · Updated Aug 4, 2024
CVE-2021-35368
Description
OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname.
Affected products
- OWASP/ModSecurity Core Rule Set
- Range: >=3.1.0,<3.1.2; >=3.2.0,<3.2.1; >=3.3.0,<3.3.2
References
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6MS5GMNYHFFIBWLJW7N3XAD24SLF3PFZ/ (mitre, vendor-advisory)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IVYUJOKHDEXFTM2CZMEESJ6TZSPVNSSZ/ (mitre, vendor-advisory)
- security.gentoo.org/glsa/202305-25 (mitre, vendor-advisory)
- lists.debian.org/debian-lts-announce/2023/01/msg00033.html (mitre, mailing-list)
- coreruleset.org/20210630/cve-2021-35368-crs-request-body-bypass/ (mitre)
- owasp.org/www-project-modsecurity-core-rule-set/ (mitre)
- portswigger.net/daily-swig/lessons-learned-how-a-severe-vulnerability-in-the-owasp-modsecurity-core-rule-set-sparked-much-needed-change (mitre)
- portswigger.net/daily-swig/waf-bypass-severe-owasp-modsecurity-core-rule-set-bug-was-present-for-several-years (mitre)