[Modsecurity] New release

Michael Shinn mike at gotroot.com
Mon Sep 11 19:01:44 EDT 2006 

Diff of /etc/modsecurity/apache2-rules.conf


Diff of /etc/modsecurity/blacklist.conf


Diff of /etc/modsecurity/proxy.conf


Diff of /etc/modsecurity/rules.conf


Diff of /etc/modsecurity/blacklist2.conf


Diff of /etc/modsecurity/exclude.conf


Diff of /etc/modsecurity/rootkits.conf


Diff of /etc/modsecurity/useragents.conf


Diff of /etc/modsecurity/exclude.conf


Diff of /etc/modsecurity/badips.conf


Diff of /etc/modsecurity/recons.conf


Diff of /etc/modsecurity/jitp.conf
5c5
< # Version: N-20060911-02
---
> # Version: N-20060911-01
4291d4290
< #phpCodeGenie "BEAUT_PATH" File Inclusion Vulnerability
4338c4337
< SecFilterSelective REQUEST_URI "\.php"
"chain,id:390129,rev:1,severity:2,msg:'JITP: YACS context[path_to_root]
File Inclusion Vulnerabilities'"
---
> SecFilterSelective REQUEST_URI "\.php\?"
"chain,id:390129,rev:1,severity:2,msg:'JITP: YACS context[path_to_root]
File Inclusion Vulnerabilities'"
4340,4395d4338
<
< #Pheap "lpref" File Inclusion Vulnerability
< SecFilterSelective REQUEST_URI "lib/config\.php"
"chain,id:390130,rev:1,severity:2,msg:'JITP: Pheap lpref File Inclusion
Vulnerability'"
< SecFilterSelective ARG_lpref "((ht|f)tps?:/|\.\./\.\.)"
<
< #phpECard "include_path" File Inclusion Vulnerabilities
< SecFilterSelective REQUEST_URI "functions\.php"
"chain,id:390131,rev:1,severity:2,msg:'JITP: phpECard include_path File
Inclusion Vulnerabilities'"
< SecFilterSelective ARG_include_path "((ht|f)tps?:/|\.\./\.\.)"
<
< #MiniBill "config[include_dir]" Parameter File Inclusion
< SecFilterSelective REQUEST_URI "actions/ipn\.php"
"chain,id:390132,rev:1,severity:2,msg:'JITP: MiniBill
config[include_dir] File Inclusion Vulnerabilities'"
< SecFilterSelective REQUEST_URI "config\[include_dir\]=((ht|f)tps?:/|
\.\./\.\.)"
<
< #phpGroupWare Local File Inclusion Vulnerability
< SecFilterSelective REQUEST_URI "alendar/inc/class.holidaycalc\.inc
\.php" "chain,id:390133,rev:1,severity:2,msg:'JITP: phpGroupWare Local
File Inclusion Vulnerabilities'"
< SecFilterSelective REQUEST_URI "phpgw_info\[user\]\[preferences
\]\[common\]\[country\]=\.\./\.\."
<
< #ExBB Italia "exbb[home_path]" File Inclusion Vulnerability
< SecFilterSelective REQUEST_URI "modules/userstop/userstop\.php"
"chain,id:390134,rev:1,severity:2,msg:'JITP: ExBB Italia exbb[home_path]
File Inclusion Vulnerability'"
< SecFilterSelective REQUEST_URI "exbb\[home_path\]=((ht|f)tps?:/|
\.\./\.\.)"
<
< #Web3news "PHPSECURITYADMIN_PATH" File Inclusion
< SecFilterSelective REQUEST_URI "security/include/_class\.security
\.php" "chain,id:390135,rev:1,severity:2,msg:'JITP: Web3news
PHPSECURITYADMIN_PATH File Inclusion Vulnerabilities'"
< SecFilterSelective ARG_PHPSECURITYADMIN_PATH "((ht|f)tps?:/|
\.\./\.\.)"
<
< #phpCOIN "_CCFG[_PKG_PATH_INCL]" File Inclusion
< SecFilterSelective REQUEST_URI "\.php\?"
"chain,id:390136,rev:1,severity:2,msg:'JITP: phpCOIN
_CCFG[_PKG_PATH_INCL] File Inclusion'"
< SecFilterSelective REQUEST_URI "_CCFG\[_PKG_PATH_INCL\]=((ht|f)tps?:/|
\.\./\.\.)"
<
< #Wikepage "lng" Local File Inclusion Vulnerability
< SecFilterSelective REQUEST_URI "index\.php"
"chain,id:390137,rev:1,severity:2,msg:'JITP: Wikepage lng Local File
Inclusion Vulnerability'"
< SecFilterSelective ARG_lng "((ht|f)tps?:/|\.\./\.\.)"
<
< #Empire CMS "check_path" File Inclusion Vulnerability
< SecFilterSelective REQUEST_URI "e/class/CheckLevel\.php"
"chain,id:390138,rev:1,severity:2,msg:'JITP: Empire CMS check_path File
Inclusion Vulnerability'"
< SecFilterSelective ARG_check_path "((ht|f)tps?:/|\.\./\.\.)"
<
< #Dolphin "dir[inc]" File Inclusion Vulnerability
< SecFilterSelective REQUEST_URI "templates/tmpl_dfl/scripts/index.php"
"chain,id:390139,rev:1,severity:2,msg:'JITP: Dolphin dir[inc] File
Inclusion Vulnerability'"
< SecFilterSelective REQUEST_URI "dir\[inc\]=((ht|f)tps?:/|\.\./\.\.)"
<
< #SportsPHool "mainnav" File Inclusion Vulnerability
< SecFilterSelective REQUEST_URI "includes/layout/plain\.footer\.php"
"chain,id:390140,rev:1,severity:2,msg:'JITP: SportsPHool mainnav File
Inclusion Vulnerability'"
< SecFilterSelective ARG_mainnav "((ht|f)tps?:/|\.\./\.\.)"
<
< #NES Game & NES System "phphtmllib" File Inclusion
< SecFilterSelective REQUEST_URI "\.php\?"
"chain,id:390141,rev:1,severity:2,msg:'JITP: NES Game & NES System
phphtmllib File Inclusion'"
< SecFilterSelective ARG_phphtmllib "((ht|f)tps?:/|\.\./\.\.)"
<
< #PHlyMail Lite "_PM_[path][handler]" File Inclusion Vulnerability
< SecFilterSelective REQUEST_URI "handlers/email/mod.listmail.php"
"chain,id:390142,rev:1,severity:2,msg:'JITP: PHlyMail Lite
_PM_[path][handler] File Inclusion Vulnerability'"
< SecFilterSelective REQUEST_URI "_PM_\[path\]\[handler\]=((ht|f)tps?:/|
\.\./\.\.)"
<
< #Sonium Enterprise Adressbook "folder" File Inclusion Vulnerabilities
< SecFilterSelective REQUEST_URI "/plugins/(1_Adressbuch/new|
2_Branchen/edit|3_Typ/delete)\.php\?"
"chain,id:390143,rev:1,severity:2,msg:'JITP: Sonium Enterprise
Adressbook folder File Inclusion Vulnerabilities'"
< SecFilterSelective ARG_folder "((ht|f)tps?:/|\.\./\.\.)"

-- 
Michael T. Shinn                                    KeyID:0xDAE2EC86
Key Fingerprint:  1884 E657 A6DF DF1B BFB9 E2C5 DCC6 5297 DAE2 EC86
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xDAE2EC86
  
Got Root?  http://www.gotroot.com
modsecurity rules: http://www.modsecurityrules.com
Troubleshooting Firewalls:  http://troubleshootingfirewalls.com

More information about the Modsecurity mailing list