Overview for rules released by Trustwave SpiderLabs in February for ModSecurity Commercial Rules package. The rules are available for versions 2.9.x and 3.x of ModSecurity.
ModSecurity Commercial Rules detect attacks or classes of attacks on web applications and their components as well as provide virtual patches for public vulnerabilities.
Release Summary
SolarWinds Serv-U FTP Server <= 15.2.1 Path traversal CVE-2020-27994
WordPress Plugin QuadMenu < 2.0.7 - Unauthenticated RCE via compiler_save
WordPress Plugin Paid Membership Pro < 2.5.3 - Unauthorised Order Information Disclosure
WordPress Plugin NextGen Gallery < 3.5.0 - CSRF allows File Upload CVE-2020-35943
WordPress Plugin Responsive Menu < 4.0.4 - CSRF to Arbitrary File Upload to RCE CVE-2021-24161
WordPress Plugin Responsive Menu 4.0.0 - 4.0.3 - Authenticated Arbitrary File Upload to RCE CVE-2021-24160
Accellion FTA - Web Shell cleanup
Accellion FTA - Web Shell database query
Accellion FTA - Web Shell downloads
WordPress Plugin WP Editor < 1.2.7 - Authenticated SQLi CVE-2021-24151
WordPress Plugin Ivory Search < 4.5.11 - Authenticated Reflected XSS
WordPress Plugin Popup Builder < 3.74 - Authenticated Reflected XSS CVE-2021-24148
Palo Alto PAN-OS Management Web Interface < 8.1.16 and < 9.0.9 - Reflected XSS CVE-2020-2036
WordPress Plugin Modern Events Calendar Lite < 5.16.5 - Authenticated Stored XSS CVE-2021-24147
WordPress Plugin Modern Events Calendar Lite < 5.16.6 - Authenticated SQLi CVE-2021-24149
WordPress Plugin Modern Events Calendar Lite < 5.16.5 - Authenticated Arbitrary File Upload to RCE CVE-2021-24145
WordPress Plugin Modern Events Calendar Lite < 5.16.5 - Unauthenticated Events Export CVE-2021-24146
WordPress Plugin Pricing Table by Supsystic < 1.8.9 - parameter sord Authenticated SQLi
WordPress Plugin Pricing Table by Supsystic < 1.8.9 - parameter sidx Authenticated SQLi
WordPress Plugin Data Tables Generator by Supsystic <= 1.9.99 - Authenticated SQLi
WordPress Plugin Contact Form by Supsystic < 1.7.7 - Authenticated Stored XSS
WordPress Plugin Contact Form by Supsystic <= 1.7.8 - Authenticated SQLi
WordPress Plugin Ultimate Maps by Supsystic <= 1.1.14 Authenticated SQLi
Nagios XI 5.7.X - Authenticated RCE CVE-2020-35578
Nagios XI 5.7.5 - Views XSS
Nagios XI 5.7.5 - My Tools XSS
How to Update
All the rules released this month are available for download and can be configured using the ModSecurity Dashboard. The rules are associated with the default profile and enabled for all licensed servers. To verify the rules were successfully downloaded by ModSecurity, log in to the ModSecurity Dashboard and verify the server "Last seen" date, which indicates the last successful download for the specified server.