Walter Hop has announced the release of OWASP ModSecurity Core Rule Set 3.3.2 to fix CVE-2021-35368 WAF bypass using pathinfo.

The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts.

New in 3.3.2:

Fixes and improvements:
* Fix CVE-2021-35368 WAF bypass using pathinfo (Christian Folini)



Download OWASP ModSecurity Core Rule Set 3.3.2