Difference between revisions of "Projects/OWASP ModSecurity Core Rule Set Project/Releases/ModSecurity 2.2.0"

From OWASP
Jump to: navigation, search
(Created page with "{{Template: <includeonly>{{{1}}}</includeonly><noinclude>Release About</noinclude> | project_name = OWASP ModSecurity Core Rule Set Project | project_home_page = :Category:OWASP ...")
 
 
(One intermediate revision by the same user not shown)
Line 3: Line 3:
 
| project_home_page = :Category:OWASP ModSecurity Core Rule Set Project
 
| project_home_page = :Category:OWASP ModSecurity Core Rule Set Project
  
| release_name = ModSecurity 2.2.0
+
| release_name = ModSecurity 2.2.8
| release_date = 05/26/2011
+
| release_date = 06/30/2013
 
| release_description =  
 
| release_description =  
*Improvements:
+
== Version 2.2.8 - 06/30/2013 ==
- Changed Licensing from GPLv2 to Apache Software License v2 (ASLv2)
 
  http://www.apache.org/licenses/LICENSE-2.0.txt
 
- Created new INSTALL file outlining quick config setup
 
- Added a new rule regression testing framework to the /util directory
 
- Added new activated_rules directory which will allow users to place symlinks pointing
 
  to files they want to run.  This allows for easier Apache Include wild-carding
 
- Adding in new RULE_MATURITY and RULE_ACCURACY tags
 
- Adding in a check for X-Forwarded-For source IP when creating IP collection
 
- Added new Application Defect checks (55 app defect file) from Watcher tool (Check Charset)
 
  http://websecuritytool.codeplex.com/wikipage?title=Checks#charset
 
- Added new AppSensor rules to experimental_dir
 
  https://www.owasp.org/index.php/AppSensor_DetectionPoints
 
- Added new Generic Malicious JS checks in outbound content
 
- Added experimental IP Forensic rules to gather Client hostname/whois info  http://blog.spiderlabs.com/2010/11/detecting-malice-with-modsecurity-ip-forensics.html
 
- Added support for Mozilla's Content Security Policy (CSP) to the experimental_rules
 
  http://blog.spiderlabs.com/2011/04/modsecurity-advanced-topic-of-the-week-integrating-content-security-policy-csp.html
 
- Global collection in the 10 file now uses the Host Request Header as the collection key.
 
  This allows for per-site global collections.
 
- Added new SpiderLabs Research (SLR) rules directory (slr_rules) for known vulnerabilties.
 
  This includes both converted web rules from Emerging Threats (ET) and from SLR Team.
 
- Added new SLR rule packs for known application vulns for WordPress, Joomla and phpBB
 
- Added experimental rules for detecting Open Proxy Abuse
 
  http://blog.spiderlabs.com/2011/03/detecting-malice-with-modsecurity-open-proxy-abuse.html
 
- Added experimental Passive Vulnerability Scanning ruleset using OSVDB and Lua API
 
  http://blog.spiderlabs.com/2011/02/modsecurity-advanced-topic-of-the-week-passive-vulnerability-scanning-part-1-osvdb-checks.html
 
- Added additional URI Request Validation rule to the 20 protocol violations file (Rule ID - 981227)
 
- Added new SQLi detection rules (959070, 959071 and 959072)
 
- Added "Toata dragostea mea pentru diavola" to the malicious User-Agent data
 
  https://www.modsecurity.org/tracker/browse/CORERULES-64
 
  
*Bug Fixes:
+
Security Fixes:
- Assigned IDs to all active SecRules/SecActions
+
 
- Removed rule inversion (!) from rule ID 960902
+
Improvements:
- Fixed false negative issue in Response Splitting Rule
+
* Updatd the /util directory structure
- Fixed false negative issue with @validateByteRange check
+
* Added scripts to check Rule ID duplicates
- Updated the TARGETS lising for rule ID 950908
+
* Added script to remove v2.7 actions so older ModSecurity rules will work
- Updated TX data for REQBODY processing
+
  - https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/43
- Changed the pass action to block in the RFI rules in the 40 generic file
+
* Added new PHP rule (958977) to detect PHP exploits (Plesk 0-day from king cope)
- Updated RFI regex to catch IP address usage in hostname
+
  - http://seclists.org/fulldisclosure/2013/Jun/21
   https://www.modsecurity.org/tracker/browse/CORERULES-68
+
  - http://blog.spiderlabs.com/2013/06/honeypot-alert-active-exploits-attempts-for-plesk-vulnerability-.html
- Changed REQUEST_URI_RAW variable to REQUEST_LINE in SLR rules to allow matches on request methods.
+
 
- Updated the RFI rules in the 40 generic attacks conf file to remove explicit logging actions.
+
 
   They will now inherit the settings from the SecDefaultAction
+
Bug Fixes:
 +
* fix 950901 - word boundary added
 +
  - https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/48
 +
* fix regex error
 +
  - https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/44
 +
* Updated the Regex in 981244 to include word boundaries
 +
   - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/36
 +
* Problem with Regression Test (Invalid use of backslash) - Rule 960911 - Test2
 +
  - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/34
 +
* ModSecurity: No action id present within the rule - ignore_static.conf
 +
  - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/17
 +
* "Bad robots" rule blocks all Java applets on Windows XP machines
 +
  - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/16
 +
* duplicated rules id 981173
 +
   - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/18
  
 
| release_license = [http://www.apache.org/licenses/LICENSE-2.0.txt Apache Software License v2 (ASLv2)]
 
| release_license = [http://www.apache.org/licenses/LICENSE-2.0.txt Apache Software License v2 (ASLv2)]
  
| release_download_link = http://sourceforge.net/projects/mod-security/files/modsecurity-crs/0-CURRENT/modsecurity-crs_2.2.0.zip/download  
+
| release_download_link = https://github.com/SpiderLabs/owasp-modsecurity-crs/releases/tag/2.2.8  
  
 
| leader_name1 = Ryan Barnett
 
| leader_name1 = Ryan Barnett

Latest revision as of 07:54, 28 August 2014

back to project home page

what is this release?
ModSecurity 2.2.8 - 06/30/2013 - (download)
Release Description: == Version 2.2.8 - 06/30/2013 ==

Security Fixes:

Improvements:

  • Updatd the /util directory structure
  • Added scripts to check Rule ID duplicates
  • Added script to remove v2.7 actions so older ModSecurity rules will work
 - https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/43
  • Added new PHP rule (958977) to detect PHP exploits (Plesk 0-day from king cope)
 - http://seclists.org/fulldisclosure/2013/Jun/21
 - http://blog.spiderlabs.com/2013/06/honeypot-alert-active-exploits-attempts-for-plesk-vulnerability-.html


Bug Fixes:

  • fix 950901 - word boundary added
 - https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/48
  • fix regex error
 - https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/44
  • Updated the Regex in 981244 to include word boundaries
 - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/36
  • Problem with Regression Test (Invalid use of backslash) - Rule 960911 - Test2
 - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/34
  • ModSecurity: No action id present within the rule - ignore_static.conf
 - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/17
  • "Bad robots" rule blocks all Java applets on Windows XP machines
 - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/16
  • duplicated rules id 981173
 - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/18
Release License: Apache Software License v2 (ASLv2)
who worked on this release?
Release Leader(s):
how can you learn more?
Release Notes: View
Release Rating: Projects/OWASP ModSecurity Core Rule Set Project/GPC/Assessment/ModSecurity 2.2.8
Key Contacts
  • Contact the GPC to report a problem or concern about this release info or to update information.