Vulnerability CVE-2021-35368

Vulnerability CVE-2021-35368

Published: 2021-11-05

Description:

Type:

(Incorrect Authorization)

CVSS Base Score	Impact Subscore	Exploitability Subscore
7.5/10	6.4/10	10/10

Affected software
Owasp -> Owasp modsecurity core rule set

https://portswigger.net/daily-swig/waf-bypass-severe-owasp-modsecurity-core-rule-set-bug-was-present-for-several-years

https://portswigger.net/daily-swig/lessons-learned-how-a-severe-vulnerability-in-the-owasp-modsecurity-core-rule-set-sparked-much-needed-change

https://coreruleset.org/20210630/cve-2021-35368-crs-request-body-bypass/

https://owasp.org/www-project-modsecurity-core-rule-set/