coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not detect multiple Content-Type request headers on some platforms. This might allow attackers to bypass a WAF with a crafted payload, aka "Content-Type confusion" between the WAF and the backend application. This occurs when the web application relies on only the last Content-Type header. Other platforms may reject the additional Content-Type header or merge conflicting headers, leading to detection as a malformed header.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HOwasp Coreruleset
APPOwasp≤ 3.3.4
Related vulnerabilities
OWASP CRS: pominięcie wykrywania złośliwego charset w żądaniach multipart
OWASP Faction: RCE przez brak uwierzytelnienia w endpoint zarządzania rozszerzeniami
Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability. Atta...
OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by ...
The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT,...