[Modsecurity] Modsecurity rules update for 20061010
mirror at prometheus-group.com
mirror at prometheus-group.com
Tue Oct 10 18:42:49 EDT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
New Release of GotRoot Web Signatures
Diff of /etc/modsecurity/apache2-rules.conf
Diff of /etc/modsecurity/blacklist.conf
Diff of /etc/modsecurity/proxy.conf
Diff of /etc/modsecurity/rules.conf
Diff of /etc/modsecurity/blacklist2.conf
Diff of /etc/modsecurity/exclude.conf
Diff of /etc/modsecurity/rootkits.conf
Diff of /etc/modsecurity/useragents.conf
Diff of /etc/modsecurity/exclude.conf
Diff of /etc/modsecurity/badips.conf
Diff of /etc/modsecurity/recons.conf
Diff of /etc/modsecurity/jitp.conf
4410,4452d4409
<
< #Eazy Cart Multiple Vulnerabilities
< SecFilterSelective REQUEST_URI "easycart\.php" "chain,id:390154,rev:1,severity:2,msg:'JITP: Eazy Cart SQL injection'"
< SecFilterSelective ARG_price "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
< SecFilterSelective REQUEST_URI "admin/config/customer\.dat" "id:390155,rev:1,severity:2,msg:'JITP: Eazy Cart Customer Data Access'"
< SecFilterSelective REQUEST_URI "easycart\.php" "chain,id:390156,rev:1,severity:2,msg:'JITP: Eazy Cart XSS ATTACK'"
< SecFilterSelective ARGS "<[[:space:]]*(script|about|applet|activex|chrome).*(script|about|applet|activex|chrome)[[:space:]]*>"
<
< #WebYep "webyep_sIncludePath" File Inclusion Vulnerabilities
< SecFilterSelective REQUEST_URI "webyep-system/program/((lib|elements)/|webyep\.php)" "chain,id:390157,rev:1,severity:2,msg:'JITP: WebYep webyep_sIncludePath File Inclusion Vulnerabilities'"
< SecFilterSelective ARG_webyep_sIncludePath "((ht|f)tps?:/|\.\./\.\.)"
<
< #Travelsized CMS "setup_folder" File Inclusion Vulnerability
< SecFilterSelective REQUEST_URI "frontpage\.php" "chain,id:390158,rev:1,severity:2,msg:'JITP: Travelsized CMS setup_folder File Inclusion Vulnerabilities'"
< SecFilterSelective ARG_setup_folder "((ht|f)tps?:/|\.\./\.\.)"
<
< #VideoDB "config[pdf_module]" File Inclusion Vulnerability
< SecFilterSelective REQUEST_URI "core/pdf\.php" "chain,id:390159,rev:1,severity:2,msg:'JITP: VideoDB File Inclusion Vulnerabilities'"
< SecFilterSelective REQUEST_URI "config\[pdf_module\].*((ht|f)tps?:/|\.\./\.\.)"
<
< #AllMyGuests "_AMGconfig[cfg_serverpath]" File Inclusion
< SecFilterSelective REQUEST_URI "signin\.php" "chain,id:390160,rev:1,severity:2,msg:'JITP: AllMyGuests File Inclusion Vulnerabilities'"
< SecFilterSelective REQUEST_URI "_AMGconfig\[cfg_serverpath\].*((ht|f)tps?:/|\.\./\.\.)"
<
< #OpenBiblio Local File Inclusion and SQL Injection
< SecFilterSelective REQUEST_URI "shared/(header|help)\.php" "chain,id:390161,rev:1,severity:2,msg:'JITP: OpenBiblio File Inclusion Vulnerabilities'"
< SecFilterSelective ARGS "(((ht|f)tps?:/|\.\./\.\.)|((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM))"
<
< #BasiliX "BSX_LIBDIR" File Inclusion Vulnerabilities
< SecFilterSelective REQUEST_URI "\.php" "chain,id:390162,rev:1,severity:2,msg:'JITP: BasiliX BSX_LIBDIR File Inclusion Vulnerabilities'"
< SecFilterSelective ARG_BSX_LIBDIR "((ht|f)tps?:/|\.\./\.\.)"
<
< #PowerPortal "file_name[]" File Inclusion Vulnerability
< SecFilterSelective REQUEST_URI "index\.php" "chain,id:390163,rev:1,severity:2,msg:'JITP: Powerportal File Inclusion Vulnerabilities'"
< SecFilterSelective REQUEST_URI "file_name\[\].*((ht|f)tps?:/|\.\./\.\.)"
<
< #DeluxeBB "templatefolder" File Inclusion Vulnerability
< SecFilterSelective REQUEST_URI "/templates/.*/.*/.*\.php" "chain,id:390164,rev:1,severity:2,msg:'JITP: DeluxeBB teplatefolder File Inclusion Vulnerabilities'"
< SecFilterSelective ARG_templatefolder "((ht|f)tps?:/|\.\./\.\.)"
<
< #TagIt! Tagboard "page" File Inclusion Vulnerability
< SecFilterSelective REQUEST_URI "/index\.php" "chain,id:390165,rev:1,severity:2,msg:'JITP: Tagit page File Inclusion Vulnerabilities'"
< SecFilterSelective ARG_page "(ht|f)tps?:/"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQIVAwUBRSwh6bVvl2Kn6BhaAQKUmRAAgZ0M75l7VZgI4buCm1r0EVJozuzFTsO3
kb/PeSfNihZz3aMsPmzqk1a9Ur34V1p6lQooRgmoXlT//wflnVfAmRRy2qobpo4w
ZpTtS2GNk6mdW5NdcgcWbu0H/NA6wC+M0cl1Xyiu7d2lMm/QFAqIEagp66wJX8fp
n++du8IAE+ALyh5fKymzgaoCTQyego+soJVItq/R6n5XrPqcKcebVUwAV4DDB3JF
OdWBBfeE1/Lw5qbV5P9qK8MLa20NBJBTXK6aY+m+feiaMJTQspt8Jm3nu3ZB2Jey
O/xtziQTai1O9SbfT9MM1etOd8xHVVXqD+pwAdLwf91aEPLJ7J4CxdpBR0aUtzoF
brLcNwlDcNosnO4+X32WdYXHHm+1ehJPhnFQz7zc0C+fW/jMxEjAq4/5/NMxZHzD
WzBvKTTUvv0gLZzcuKEOPwVX1O0JQF5/YBMno7wPWaY4vTss0xY+O5OFR2dq5xgw
uNn3EAQKyeeFOms0h1oDijTa9EdOMnYoY0Jl5FpnHvr4sFYpS180FeP9WaU+OByS
gw+I9CAiFxgFzzkE8V8Wcu9LVbq7wqjaN4o/OSWU3Te3OE/P1kDaTrD6rUnJCYSZ
xztxNQhbOI8HDN6909BZnPbcf6FOla03n5TAnjZcccvhH2TU91t9fGlRjoNsHtP2
Xd4dJCAf6FA=
=d5mZ
-----END PGP SIGNATURE-----
More information about the Modsecurity
mailing list