SpiderLabs Blog

ModSecurity Web Application Firewall - Commercial Rules Update (2)

Written by Victor Hora | Aug 22, 2017 2:36:00 PM

We have released new commercial rules for ModSecurity Web Application Firewall (WAF) v2.9 and above. These rules' purpose is to protect against new emerging attacks that target vulnerabilities in public software.

For this release, we are highlighting virtual patches for PHP 5.x/7.x WDDX Out of Bounds Information Disclosure (CVE-2017-11145) and PHP <=5.6.31 WDDX Invalid free DoS (CVE-2017-11143) vulnerabilities. These issues could allow an attacker to achieve a DoS or information disclosure condition for recent versions of PHP in web applications while dealing with maliciously crafted wddx XML packets.

ModSecurity Rules from Trustwave® SpiderLabs® include custom virtual patches for public vulnerabilities.

 

Release Summary

This release adds signatures for the following issues:

  • Joomla! Component CCNewsLetter 2.1.9 SQLi (2170056)
  • Joomla! Component Event Registration Pro Calendar 4.1.3 SQLi (2170057)
  • Joomla! Component LMS King Professional 3.2.4.0 SQLi (2170058)
  • Joomla! Component PHP-Bridge 1.2.3 SQLi (2170059)
  • Joomla! Component SIMGenealogy 2.1.5 SQLi (2170060)
  • Joomla! Component Ultimate Property Listing 1.0.2 SQLi (2170061)
  • WordPress Plugin Easy Modal 2.0.17 SQLi (2170062)
  • WordPress Slider Revolution Responsive LFI (2170063)
  • PHP <= 5.6.31 WDDX Invalid free DoS (2170064)
  • PHP 5.x/7.x WDDX Out of Bounds Information Disclosure (2170065)
  • GitHub Enterprise < 2.8.7 - Remote Code Execution SSRF (2170066)

 

For customers of ModSecurity Commercial Rules these new rules are readily available, whereas in ModSecurity Dashboard, it depends on how the rules profile are set. The Dashboard compares the rule categories that are enabled in the Dashboard profile: If any new rules match the selected categories, they will automatically become available for download on the next reload or on restart of the webserver using the SecRemoteRules directive. In the default profile, all rules are enabled.