Md3V

**Name of the Vulnerable Software and Affected Versions** OWASP ModSecurity Core Rule Set (CRS) versions 3.1.0 and earlier **Description** A problem was discovered in the OWASP ModSecurity Core Rule Set (CRS) that allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators. The file /rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf is vulnerable to this issue. **Recommendations** For OWASP ModSecurity Core Rule Set (CRS) versions 3.1.0 and earlier, consider disabling the /rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf file until a patch is available to prevent remote attackers from causing a denial of service (ReDOS).