Blog

CVE-2020-15598 – ModSecurity v3 Affected By DoS (Severity HIGH)

The OWASP ModSecurity Core Rule Set (CRS) team has identified a Denial of Service vulnerability in the underlying ModSecurity engine. This affects all releases in the ModSecurity v3 release line. The vendor Trustwave SpiderLabs has not yet released an update. However, we are providing users with a patch for ModSecurity and a workaround if they …

Introducing msc_pyparser

Let us present msc_pyparser to you. It is a Python library that lets you manipulate ModSecurity rules configuration files. ModSecurity has decent capabilities to manipulate rules at runtime, but msc_pyparser lets you manipulate the config files themselves. This is useful in many situations, and the longer we use it, the more use cases pop up. …

OWASP ModSecurity Core Rule Set v3.3.0 available

The OWASP ModSecurity Core Rule Set team is proud to announce the final release for CRS v3.3.0. For downloads and installation instructions, please see the Installation page. This release packages many changes, such as: Block backup files ending with ~ in filename (Andrea Menin); Detect ffuf vuln scanner (Will Woodson); Detect Nuclei vuln scanner (azurit) …

OWASP ModSecurity Core Rule Set v3.3.0 Release Candidate 2 available

The OWASP ModSecurity Core Rule Set team is proud to announce the release candidate 2 for the upcoming CRS v3.3.0 release. The release candidate is available at: https://github.com/coreruleset/coreruleset/archive/v3.3.0-rc2.tar.gz and https://github.com/coreruleset/coreruleset/archive/v3.3.0-rc2.zip. This release packages many changes, such as: Block backup files ending with ~ in filename (Andrea Menin); Detect ffuf vuln scanner (Will Woodson); Detect SemrushBot crawler …

Overhauling the CRS Tags

Tagging rules is a great feature of ModSecurity since it allows you to add information to your ModSec alert messages. In my tutorial on Embedding ModSec over at netnea.com, I use the tag feature in the default action to add a tag to every alert message from a given service. I do this as follows: …

CRS Repository at New Location

We have successfully migrated our GitHub repository to a new location at https://github.com/coreruleset/coreruleset. Trustwave SpiderLabs hosted the OWASP ModSecurity Core Rule Set project under their umbrella for many years. They acted as stewards of our project and also directed it via the former lead Ryan Barnett. Yet as a formally independent OWASP project, it is …

CVE-2019-19886 – HIGH – DoS against libModSecurity 3

The ModSecurity 3.0.x release line suffers from a Denial of Service vulnerability: parsing a malformed cookie header triggers a segmentation fault on the webserver. All users of ModSecurity 3.0.0 – 3.0.3 should update to ModSecurity 3.0.4 as soon as possible. ModSecurity 2.x is not affected. The CVSS score for the vulnerability is 7.5 …

Running a few dozens of new magic XSS payloads against CRS 3.2

Earlier today, Gareth Heyes presented a very interesting talk with dozens of new XSS payloads at the OWASP GlobalAppSec conference in Amsterdam. The CRS developers in the audience immediately started to try out the payloads, but Gareth was so quick they lost track… But being the helpful person he is, he published the slides during …

Announcement: OWASP ModSecurity Core Rule Set Version 3.2.0

The OWASP ModSecurity Core Rule Set team is proud to announce the general availability of the OWASP ModSecurity Core Rule Set Version 3.2.0. The new release is available for download at https://coreruleset.org/installation/. This release represents a very big step forward in terms of both capabilities and protections, including: Improved compatibility with ModSecurity 3.x; Improved CRS …
