Walter Hop has announced the release of OWASP ModSecurity Core Rule Set 3.3.2 to fix CVE-2021-35368 WAF bypass using pathinfo.
The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts.
New in 3.3.2:
Fixes and improvements:
* Fix CVE-2021-35368 WAF bypass using pathinfo (Christian Folini)
Download OWASP ModSecurity Core Rule Set 3.3.2