OK, here is the #CRS #log4j / #log4shell #WAF Bypass contest.
We don't know of any jndi/ctx log4j payload that we don't detect. Show us your evasions ...December 16, 2021
The dangers of relying on just WAFs.
Bypassing them has been something we've done since the dawn of time. During my time with ModSecurity, it was as ...December 14, 2021
🚨 NEW: CVE-2021-35368 🚨 OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request ...November 9, 2021
I was looking for a good web application firewall to protect my web application and found ModSecurity. I liked it and decided to install it on my serv ...July 12, 2021
A high-scoring vulnerability in the OWASP ModSecurity Core Rule Set went unnoticed for several years, the maintainers have admitted
https://t.co/lZxmB ...July 9, 2021
WAF bypass:‘Severe’ OWASP ModSecurity Core Rule Set bug was present for several years
The bug – tracked as CVE-2021-35368 – bypasses the secu ...July 7, 2021
A vulnerability in OWASP ModSecurity Core Rule Set that could bypass WAF security protections was ‘present for several years’
https://t.co/lZxmBn ...July 5, 2021
Quite a rare occurrence of an OWASP project having a vulnerability!CVE-2021-35368 in OWASP #ModSecurity Core Rule Set (#CRS Request Body Bypass). Ku ...June 30, 2021