
Category:OWASP ModSecurity Core Rule Set Project - ModSecurity 2.0.7 - Notes


Version 2.0.7 - 06/4/2010


Improvements:

- Added CSRF Protection Ruleset, which uses Content Injection to add JavaScript to
  specific outbound data and then validates the CSRF token on subsequent requests.
- Added new Application Defect Ruleset, which identifies and fixes missing HttpOnly cookie
  flags.
- Added Experimental XSS/Missing Output Escaping Ruleset, which looks for user-supplied
  data being echoed back to the user unchanged.
- Added rules-updater.pl script and configuration file to allow users to automatically
  download CRS rules from the CRS rules repository.
- Added new SQLi keyword for ciel() and reverse() functions.
- Updated the PHPIDS filters
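The two outbound-response items above (CSRF token injection and the HttpOnly cookie fix) and the inbound token check they imply are illustrated below in a small Python example. This is added here as an illustration and is not the CRS rule set's own code or ModSecurity's implementation; the per-session HMAC token derivation, the `csrf_token` parameter name, the injected `<script>` snippet and the sample headers are all assumptions constructed for the example.

```python
import hmac
import hashlib
from typing import Dict, List, Tuple

# Constructed secret for this example; a deployment would load it from configuration.
SERVER_SECRET = b"example-secret-do-not-reuse"

Header = Tuple[str, str]


def make_csrf_token(session_id: str) -> str:
    """Derive a per-session CSRF token as HMAC-SHA256(secret, session_id) (assumed scheme)."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def inject_csrf_script(html: str, token: str) -> str:
    """Content injection: place a script exposing the token just before </body>.

    The token is hex, so it cannot break out of the quoted JavaScript string.
    """
    snippet = '<script>var csrf_token="%s";</script>' % token
    idx = html.lower().rfind("</body>")
    if idx == -1:
        return html + snippet
    return html[:idx] + snippet + html[idx:]


def ensure_httponly(set_cookie: str) -> str:
    """Append HttpOnly to a Set-Cookie value when the attribute is absent (case-insensitive)."""
    attrs = [a.strip().lower() for a in set_cookie.split(";")[1:]]
    if "httponly" in attrs:
        return set_cookie
    return set_cookie.rstrip().rstrip(";") + "; HttpOnly"


def harden_response(headers: List[Header], body: str, session_id: str) -> Tuple[List[Header], str]:
    """Apply both outbound fixes: HttpOnly on every Set-Cookie, token script in HTML bodies."""
    fixed = [(n, ensure_httponly(v) if n.lower() == "set-cookie" else v) for n, v in headers]
    is_html = any(n.lower() == "content-type" and "text/html" in v.lower() for n, v in headers)
    if is_html:
        body = inject_csrf_script(body, make_csrf_token(session_id))
    return fixed, body


def validate_request(session_id: str, method: str, params: Dict[str, str]) -> bool:
    """Inbound check: safe methods pass; state-changing ones must carry the session's token."""
    if method.upper() in ("GET", "HEAD", "OPTIONS"):
        return True
    presented = params.get("csrf_token")
    if presented is None:
        return False
    expected = make_csrf_token(session_id)
    # Constant-time comparison so a mismatch does not leak position information.
    return hmac.compare_digest(presented.encode(), expected.encode())


if __name__ == "__main__":
    # Constructed sample response and follow-up request.
    hdrs = [("Content-Type", "text/html; charset=utf-8"), ("Set-Cookie", "sid=abc123; Path=/")]
    out_hdrs, out_body = harden_response(hdrs, "<html><body>hi</body></html>", "abc123")
    print(out_hdrs)
    print(out_body)
    print(validate_request("abc123", "POST", {"csrf_token": make_csrf_token("abc123")}))
```

Binding the token to the session identifier means a token captured from one session is useless in another, and only HTML responses receive the injected script so binary or JSON bodies are left untouched.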

Bug Fixes:

- Fixed false positives for Request Header Name matching in the 30 file by
  adding boundary characters.
- Added missing pass actions to @pmFromFile prequalifier rules
- Added backslash to SQLi regex
  https://www.modsecurity.org/tracker/browse/CORERULES-41
- Fixed hard coded anomaly score in PHPIDS filter file
  https://www.modsecurity.org/tracker/browse/CORERULES-45
- Fixed restricted_extension false positive by adding boundary characters
