Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More
Get access to immediate incident response assistance.
Get access to immediate incident response assistance.
Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More
We have released new commercial rules for ModSecurity Web Application Firewall (WAF) v2.9 and above. These rules' purpose is to protect against new emerging attacks that target vulnerabilities in public software.
For this release, we are highlighting virtual patches for PHP 5.x/7.x WDDX Out of Bounds Information Disclosure (CVE-2017-11145) and PHP <=5.6.31 WDDX Invalid free DoS (CVE-2017-11143) vulnerabilities. These issues could allow an attacker to achieve a DoS or information disclosure condition for recent versions of PHP in web applications while dealing with maliciously crafted wddx XML packets.
ModSecurity Rules from Trustwave® SpiderLabs® include custom virtual patches for public vulnerabilities.
This release adds signatures for the following issues:
For customers of ModSecurity Commercial Rules these new rules are readily available, whereas in ModSecurity Dashboard, it depends on how the rules profile are set. The Dashboard compares the rule categories that are enabled in the Dashboard profile: If any new rules match the selected categories, they will automatically become available for download on the next reload or on restart of the webserver using the SecRemoteRules directive. In the default profile, all rules are enabled.
Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.
Copyright © 2024 Trustwave Holdings, Inc. All rights reserved.