Main Vulnerability Database Vulnerabilities #VU54495

#VU54495 Protection mechanism failure in OWASP ModSecurity Core Rule Set (CRS) - CVE-2021-35368

Published: July 1, 2021

Vulnerability identifier: #VU54495

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2021-35368

CWE-ID: CWE-693

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
OWASP ModSecurity Core Rule Set (CRS)

Software vendor:
OWASP

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient implementation of security measures within the default CRS ruleset. An attacker can bypass implemented security restrictions and exploit vulnerabilities in the CMS that is protected with ModSecurity with the OWASP ModSecurity Core Rule Set (CRS).

Remediation

Install updates from vendor's website.

External links

https://coreruleset.org/20210630/cve-2021-35368-crs-request-body-bypass/

#VU54495 Protection mechanism failure in OWASP ModSecurity Core Rule Set (CRS) - CVE-2021-35368

Description

Remediation

External links

Please verify you're human