This tweet highlights a flaw in ModSecurity that allows a WAF bypass for path-based payloads in request URLs. The vulnerability is rated CVSS 8.6, indicating a serious risk. The issue stems from ModSecurity's handling of URL decoding, specifically how it decodes percent-encoded characters in request URLs before the rules are evaluated, so that a request can reach the backend without matching the rules meant to block it. Further technical details and mitigation steps can be found at the URL below.
For more details, check out the original tweet here: https://twitter.com/the_yellow_fall/status/1752725642502664609