OWASP WAF – CVE-2021-35368 on OWASP CRS

IMPORTANT NOTICE FOR Kemp WAF Customers

 

The Kemp Web Application Firewall (WAF) has migrated to rules based on the Open Web Application Security Project® (OWASP) Core Rule Set (CRS) as the primary set of rules-based protection.

 

OWASP CRS is a set of generic attack detection rules designed to protect web applications from a wide range of attacks, including the OWASP Top Ten. The CRS provides protection against many common attack categories, such as SQL Injection, Cross Site Scripting and Local File Inclusion. The OWASP CRS provides significantly better baseline protection for your applications.

 

A high-severity vulnerability was raised against the OWASP CRS under CVE-2021-35368.

 

This was addressed by the OWASP CRS team on Wednesday 30th June in the 3.1.2, 3.2.1 and 3.3.2 releases.

 

Kemp have made available the OWASP CRS 3.3.2 release.

 

If you have Web Application Firewall > Access Settings > Enable Automated Installs ticked, then you will receive this update automatically.

 

Otherwise, please manually install updates under Web Application Firewall > Access Settings > Manually Install Updates > Install Now to receive and install this update.

 

Please find further information from OWASP CRS here.

