This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Projects/OWASP ModSecurity Core Rule Set Project/Releases/ModSecurity 2.0.8
back to project home page
| what | is this release? |
|---|---|
| ModSecurity 2.0.8 - 08/27/2010 - (download) | |
| Release Description: Improvements:
- Updated the PHPIDS filters - Updated the SQL Injection filters to detect boolean attacks (1<2, foo == bar, etc..) - Updated the SQL Injection filters to account for different quotes - Added UTF-8 encoding validation support to the modsecurity_crs_10_config.conf file - Added Rule ID 950109 to detect multiple URL encodings - Added two experimental rules to detect anomalous use of special characters Bug Fixes: - Fixed Encoding Detection RegEx (950107 and 950108) - Fixed rules-updater.pl script to better handle whitespace https://www.modsecurity.org/tracker/browse/MODSEC-167 - Fixed missing pass action bug in modsecurity_crs_21_protocol_anomalies.conf https://www.modsecurity.org/tracker/browse/CORERULES-55 - Fixed the anomaly scoring in the modsecurity_crs_41_phpids_filters.conf file https://www.modsecurity.org/tracker/browse/CORERULES-54 - Updated XSS rule id 958001 to improve the .cookie regex to reduce false postives https://www.modsecurity.org/tracker/browse/CORERULES-29 | |
| Release License: GNU General Public License - Version 2.0 | |
| who | worked on this release? |
| Release Leader(s): | |
| how | can you learn more? |
| Release Notes: View | |
| Main links: | |
Release Rating:  Not Reviewed - Assessment Details
| |
| Key Contacts | |
| |
