I am pleased to announce the release of the OWASP CRS v2.2.1.

This is a significant update with regards to SQL Injection protections.
Trustwave's SpiderLabs Team conducted an analysis/review of the SQL Injection
Challenge Level II evasions - http://www.modsecurity.org/demo/challenge.html -
and made many updates so that the evasion techniques used during the challenge
are now detected.  SpiderLabs will soon be releasing a blog post providing
details about the successful SQLi evasions used against OWASP CRS versions
prior to v2.2.1 during the SQLi Challenge.  Keeping responsible disclosure in
mind, we have delayed public release of this blog post until we had an updated
CRS for the community to install that detects these evasions.

*** It is highly recommended that you update your CRS installs ASAP to gain the 
improved SQL Injection protections. ***

===========
CHANGELOG
===========
--------------------------
Version 2.2.1 - 07/20/2011
--------------------------

Improvements:
- Extensive SQL Injection signature updates as a result of the SQLi Challenge
  http://www.modsecurity.org/demo/challenge.html
- Updated the SQL error message detection in response bodies
- Updated SQL Injection signatures to include more DB functions
- Updated the WEAK SQL Injection signatures
- Added tag AppSensor/RE8 to rule ID 960018

Bug Fixes:
- Fixed Bad Robot logic for rule ID 990012 to further qualify User-Agent matches
  https://www.modsecurity.org/tracker/browse/CORERULES-70
- Fixed Session Hijacking rules to properly capture IP address network hashes.
- Added the multiMatch action to the SQLi rules, so the operator is evaluated
  after every transformation rather than only after the last one
- Fixed a false negative logic flaw within the advanced_filter_converter.lua
  script
- Fixed a missing ':' in the id action in the DoS ruleset
- Updated the rule ID 971150 signature to remove ';'
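As an added illustration of the multiMatch change in the bug-fix list above, here is a constructed rule pair that is not part of the CRS. The rule IDs 1 and 2 are placeholders in the range ModSecurity leaves free for local rules, and the transformation chain (urlDecodeUni followed by removeWhitespace) is chosen only to show the effect; it is not the chain the CRS SQLi rules use:

```apache
# Constructed example, not a CRS rule. IDs 1 and 2 are local placeholders.

# Weak: without multiMatch the operator runs once, against the final output
# of the transformation chain. For ARGS:q=union%20select the value becomes
# "union select" after t:urlDecodeUni and then "unionselect" after
# t:removeWhitespace, so a regex that requires whitespace never matches.
SecRule ARGS "(?i:union\s+select)" \
    "phase:2,id:'1',t:none,t:urlDecodeUni,t:removeWhitespace,deny,log,msg:'SQLi: UNION SELECT (single match on final transform)'"

# Corrected: multiMatch re-runs the operator after every transformation,
# including the untransformed value (t:none), so the intermediate
# "union select" form is caught even though the last transformation
# would have destroyed the match.
SecRule ARGS "(?i:union\s+select)" \
    "phase:2,id:'2',t:none,t:urlDecodeUni,t:removeWhitespace,multiMatch,deny,log,msg:'SQLi: UNION SELECT (multiMatch)'"
```

To check the difference, enable one rule at a time and request a URL with `?q=union%20select` against a test instance: rule 1 lets it through, rule 2 blocks it. multiMatch costs one extra operator evaluation per transformation step, which is why it is worth adding only to rules whose transformation chains can erase an earlier match.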

--------------------------
DOWNLOADING
--------------------------
Manual Downloading:
You can always download the latest CRS version here -
https://sourceforge.net/projects/mod-security/files/modsecurity-crs/0-CURRENT/

Automated Downloading:
Use the rules-updater.pl script in the CRS /util directory

# Get a list of what the repository contains:
$ ./rules-updater.pl -rhttp://www.modsecurity.org/autoupdate/repository/ -l

Repository: http://www.modsecurity.org/autoupdate/repository

modsecurity-crs {
          2.0.0: modsecurity-crs_2.0.0.zip
          2.0.1: modsecurity-crs_2.0.1.zip
          2.0.2: modsecurity-crs_2.0.2.zip
          2.0.3: modsecurity-crs_2.0.3.zip
          2.0.4: modsecurity-crs_2.0.4.zip
          2.0.5: modsecurity-crs_2.0.5.zip
          2.0.6: modsecurity-crs_2.0.6.zip
          2.0.7: modsecurity-crs_2.0.7.zip
          2.0.8: modsecurity-crs_2.0.8.zip
          2.0.9: modsecurity-crs_2.0.9.zip
          2.0.9: modsecurity-crs_2.0.10.zip
          2.1.0: modsecurity-crs_2.1.0.zip
          2.1.1: modsecurity-crs_2.1.1.zip
          2.1.2: modsecurity-crs_2.1.2.zip
          2.2.0: modsecurity-crs_2.2.0.zip
          2.2.1: modsecurity-crs_2.2.1.zip
}

# Get the latest stable version of "modsecurity-crs":
$ ./rules-updater.pl -rhttp://www.modsecurity.org/autoupdate/repository/ -prules -Smodsecurity-crs
Fetching: modsecurity-crs/modsecurity-crs_2.2.1.zip ...
$ ls -R rules
modsecurity-crs

rules/modsecurity-crs:
modsecurity-crs_2.2.1.zip    modsecurity-crs_2.2.1.zip.sig

--
Ryan Barnett
Senior Security Researcher
Trustwave - SpiderLabs


_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
[email protected]
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set