v3.1-rc2 changes

SpiderLabs · Nov 12, 2018 · ab24a20 · ab24a20
1 parent 5cd2c00
commit ab24a20
Show file tree

Hide file tree

Showing 26 changed files with 36 additions and 26 deletions.
diff --git a/CHANGES b/CHANGES
@@ -6,10 +6,20 @@
 * https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
 
 == Version 3.1.0 - 8/7/2018 ==
-
+ * Add Detectify scanner (theMiddle)
+ * Renaming matched_var/s (Victor Hora)
+ * Remove lines with bare '#' comment char (Walter Hop)
+ * Drop the XML variable from rule 932190 (Federico G. Schwindt)
+ * Update outdated URLs (Walter Hop)
+ * remove unused rule 901180 (Walter Hop)
+ * Drop exit from unix and windows RCE (Federico G. Schwindt)
+ * Fix anomaly_score counters (Federico G. Schwindt)
+ * Remove mostly redundant 944220 in favor of 944240 (Christian Folini)
  * Add self[ and document[ to rule 941180 (theMiddle)
  * Provide proxy support within CRS docker image (Scott O'Neil)
  * Prevent bypass in rule 930120 PL3 (theMiddle)
+ * Fix small typo in variable (Felipe Zipitría)
+ * Fix bug #1166 in Docker image (Franziska Bühler)
  * Remove revision status from rules (Federico G. Schwindt) 
  * Add template for issues (Federico G. Schwindt)
  * Correct failing travis tests in merge situations (Federico G. Schwindt)

diff --git a/rules/REQUEST-901-INITIALIZATION.conf b/rules/REQUEST-901-INITIALIZATION.conf
@@ -1,6 +1,6 @@
 # ------------------------------------------------------------------------
 # OWASP ModSecurity Core Rule Set ver.3.1.0
-# Copyright (c) 2006-2017 Trustwave and contributors. All rights reserved.
+# Copyright (c) 2006-2018 Trustwave and contributors. All rights reserved.
 #
 # The OWASP ModSecurity Core Rule Set is distributed under
 # Apache Software License (ASL) version 2

diff --git a/rules/REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf b/rules/REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf
@@ -1,6 +1,6 @@
 # ------------------------------------------------------------------------
 # OWASP ModSecurity Core Rule Set ver.3.1.0
-# Copyright (c) 2006-2017 Trustwave and contributors. All rights reserved.
+# Copyright (c) 2006-2018 Trustwave and contributors. All rights reserved.
 #
 # The OWASP ModSecurity Core Rule Set is distributed under
 # Apache Software License (ASL) version 2

diff --git a/rules/REQUEST-903.9002-WORDPRESS-EXCLUSION-RULES.conf b/rules/REQUEST-903.9002-WORDPRESS-EXCLUSION-RULES.conf
@@ -1,6 +1,6 @@
 # ------------------------------------------------------------------------
 # OWASP ModSecurity Core Rule Set ver.3.1.0
-# Copyright (c) 2006-2017 Trustwave and contributors. All rights reserved.
+# Copyright (c) 2006-2018 Trustwave and contributors. All rights reserved.
 #
 # The OWASP ModSecurity Core Rule Set is distributed under
 # Apache Software License (ASL) version 2

diff --git a/rules/REQUEST-905-COMMON-EXCEPTIONS.conf b/rules/REQUEST-905-COMMON-EXCEPTIONS.conf
@@ -1,6 +1,6 @@
 # ------------------------------------------------------------------------
 # OWASP ModSecurity Core Rule Set ver.3.1.0
-# Copyright (c) 2006-2017 Trustwave and contributors. All rights reserved.
+# Copyright (c) 2006-2018 Trustwave and contributors. All rights reserved.
 #
 # The OWASP ModSecurity Core Rule Set is distributed under
 # Apache Software License (ASL) version 2

diff --git a/rules/REQUEST-910-IP-REPUTATION.conf b/rules/REQUEST-910-IP-REPUTATION.conf
@@ -1,6 +1,6 @@
 # ------------------------------------------------------------------------
 # OWASP ModSecurity Core Rule Set ver.3.1.0
-# Copyright (c) 2006-2017 Trustwave and contributors. All rights reserved.
+# Copyright (c) 2006-2018 Trustwave and contributors. All rights reserved.
 #
 # The OWASP ModSecurity Core Rule Set is distributed under
 # Apache Software License (ASL) version 2

diff --git a/rules/REQUEST-911-METHOD-ENFORCEMENT.conf b/rules/REQUEST-911-METHOD-ENFORCEMENT.conf
@@ -1,6 +1,6 @@
 # ------------------------------------------------------------------------
 # OWASP ModSecurity Core Rule Set ver.3.1.0
-# Copyright (c) 2006-2017 Trustwave and contributors. All rights reserved.
+# Copyright (c) 2006-2018 Trustwave and contributors. All rights reserved.
 #
 # The OWASP ModSecurity Core Rule Set is distributed under
 # Apache Software License (ASL) version 2

diff --git a/rules/REQUEST-912-DOS-PROTECTION.conf b/rules/REQUEST-912-DOS-PROTECTION.conf
@@ -1,6 +1,6 @@
 # ------------------------------------------------------------------------
 # OWASP ModSecurity Core Rule Set ver.3.1.0
-# Copyright (c) 2006-2017 Trustwave and contributors. All rights reserved.
+# Copyright (c) 2006-2018 Trustwave and contributors. All rights reserved.
 #
 # The OWASP ModSecurity Core Rule Set is distributed under
 # Apache Software License (ASL) version 2

diff --git a/rules/REQUEST-913-SCANNER-DETECTION.conf b/rules/REQUEST-913-SCANNER-DETECTION.conf
@@ -1,6 +1,6 @@
 # ------------------------------------------------------------------------
 # OWASP ModSecurity Core Rule Set ver.3.1.0
-# Copyright (c) 2006-2017 Trustwave and contributors. All rights reserved.
+# Copyright (c) 2006-2018 Trustwave and contributors. All rights reserved.
 #
 # The OWASP ModSecurity Core Rule Set is distributed under
 # Apache Software License (ASL) version 2

diff --git a/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf b/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf
@@ -1,6 +1,6 @@
 # ------------------------------------------------------------------------
 # OWASP ModSecurity Core Rule Set ver.3.1.0
-# Copyright (c) 2006-2017 Trustwave and contributors. All rights reserved.
+# Copyright (c) 2006-2018 Trustwave and contributors. All rights reserved.
 #
 # The OWASP ModSecurity Core Rule Set is distributed under
 # Apache Software License (ASL) version 2

diff --git a/rules/REQUEST-921-PROTOCOL-ATTACK.conf b/rules/REQUEST-921-PROTOCOL-ATTACK.conf
@@ -1,6 +1,6 @@
 # ------------------------------------------------------------------------
 # OWASP ModSecurity Core Rule Set ver.3.1.0
-# Copyright (c) 2006-2017 Trustwave and contributors. All rights reserved.
+# Copyright (c) 2006-2018 Trustwave and contributors. All rights reserved.
 #
 # The OWASP ModSecurity Core Rule Set is distributed under
 # Apache Software License (ASL) version 2

diff --git a/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf b/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf
@@ -1,6 +1,6 @@
 # ------------------------------------------------------------------------
 # OWASP ModSecurity Core Rule Set ver.3.1.0
-# Copyright (c) 2006-2017 Trustwave and contributors. All rights reserved.
+# Copyright (c) 2006-2018 Trustwave and contributors. All rights reserved.
 #
 # The OWASP ModSecurity Core Rule Set is distributed under
 # Apache Software License (ASL) version 2

diff --git a/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf b/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf
@@ -1,6 +1,6 @@
 # ------------------------------------------------------------------------
 # OWASP ModSecurity Core Rule Set ver.3.1.0
-# Copyright (c) 2006-2017 Trustwave and contributors. All rights reserved.
+# Copyright (c) 2006-2018 Trustwave and contributors. All rights reserved.
 #
 # The OWASP ModSecurity Core Rule Set is distributed under
 # Apache Software License (ASL) version 2

diff --git a/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf b/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf
@@ -1,6 +1,6 @@
 # ------------------------------------------------------------------------
 # OWASP ModSecurity Core Rule Set ver.3.1.0
-# Copyright (c) 2006-2017 Trustwave and contributors. All rights reserved.
+# Copyright (c) 2006-2018 Trustwave and contributors. All rights reserved.
 #
 # The OWASP ModSecurity Core Rule Set is distributed under
 # Apache Software License (ASL) version 2

diff --git a/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf b/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf
@@ -1,6 +1,6 @@
 # ------------------------------------------------------------------------
 # OWASP ModSecurity Core Rule Set ver.3.1.0
-# Copyright (c) 2006-2017 Trustwave and contributors. All rights reserved.
+# Copyright (c) 2006-2018 Trustwave and contributors. All rights reserved.
 #
 # The OWASP ModSecurity Core Rule Set is distributed under
 # Apache Software License (ASL) version 2

diff --git a/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf b/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf
@@ -1,6 +1,6 @@
 # ------------------------------------------------------------------------
 # OWASP ModSecurity Core Rule Set ver.3.1.0
-# Copyright (c) 2006-2017 Trustwave and contributors. All rights reserved.
+# Copyright (c) 2006-2018 Trustwave and contributors. All rights reserved.
 #
 # The OWASP ModSecurity Core Rule Set is distributed under
 # Apache Software License (ASL) version 2

diff --git a/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf b/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf
@@ -1,6 +1,6 @@
 # ------------------------------------------------------------------------
 # OWASP ModSecurity Core Rule Set ver.3.1.0
-# Copyright (c) 2006-2017 Trustwave and contributors. All rights reserved.
+# Copyright (c) 2006-2018 Trustwave and contributors. All rights reserved.
 #
 # The OWASP ModSecurity Core Rule Set is distributed under
 # Apache Software License (ASL) version 2

diff --git a/rules/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf b/rules/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf
@@ -1,6 +1,6 @@
 # ------------------------------------------------------------------------
 # OWASP ModSecurity Core Rule Set ver.3.1.0
-# Copyright (c) 2006-2017 Trustwave and contributors. All rights reserved.
+# Copyright (c) 2006-2018 Trustwave and contributors. All rights reserved.
 #
 # The OWASP ModSecurity Core Rule Set is distributed under
 # Apache Software License (ASL) version 2

diff --git a/rules/REQUEST-949-BLOCKING-EVALUATION.conf b/rules/REQUEST-949-BLOCKING-EVALUATION.conf
@@ -1,6 +1,6 @@
 # ------------------------------------------------------------------------
 # OWASP ModSecurity Core Rule Set ver.3.1.0
-# Copyright (c) 2006-2017 Trustwave and contributors. All rights reserved.
+# Copyright (c) 2006-2018 Trustwave and contributors. All rights reserved.
 #
 # The OWASP ModSecurity Core Rule Set is distributed under
 # Apache Software License (ASL) version 2

diff --git a/rules/RESPONSE-950-DATA-LEAKAGES.conf b/rules/RESPONSE-950-DATA-LEAKAGES.conf
@@ -1,6 +1,6 @@
 # ------------------------------------------------------------------------
 # OWASP ModSecurity Core Rule Set ver.3.1.0
-# Copyright (c) 2006-2017 Trustwave and contributors. All rights reserved.
+# Copyright (c) 2006-2018 Trustwave and contributors. All rights reserved.
 #
 # The OWASP ModSecurity Core Rule Set is distributed under
 # Apache Software License (ASL) version 2

diff --git a/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf b/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf
@@ -1,6 +1,6 @@
 # ------------------------------------------------------------------------
 # OWASP ModSecurity Core Rule Set ver.3.1.0
-# Copyright (c) 2006-2017 Trustwave and contributors. All rights reserved.
+# Copyright (c) 2006-2018 Trustwave and contributors. All rights reserved.
 #
 # The OWASP ModSecurity Core Rule Set is distributed under
 # Apache Software License (ASL) version 2

diff --git a/rules/RESPONSE-952-DATA-LEAKAGES-JAVA.conf b/rules/RESPONSE-952-DATA-LEAKAGES-JAVA.conf
@@ -1,6 +1,6 @@
 # ------------------------------------------------------------------------
 # OWASP ModSecurity Core Rule Set ver.3.1.0
-# Copyright (c) 2006-2017 Trustwave and contributors. All rights reserved.
+# Copyright (c) 2006-2018 Trustwave and contributors. All rights reserved.
 #
 # The OWASP ModSecurity Core Rule Set is distributed under
 # Apache Software License (ASL) version 2

diff --git a/rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf b/rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf
@@ -1,6 +1,6 @@
 # ------------------------------------------------------------------------
 # OWASP ModSecurity Core Rule Set ver.3.1.0
-# Copyright (c) 2006-2017 Trustwave and contributors. All rights reserved.
+# Copyright (c) 2006-2018 Trustwave and contributors. All rights reserved.
 #
 # The OWASP ModSecurity Core Rule Set is distributed under
 # Apache Software License (ASL) version 2

diff --git a/rules/RESPONSE-954-DATA-LEAKAGES-IIS.conf b/rules/RESPONSE-954-DATA-LEAKAGES-IIS.conf
@@ -1,6 +1,6 @@
 # ------------------------------------------------------------------------
 # OWASP ModSecurity Core Rule Set ver.3.1.0
-# Copyright (c) 2006-2017 Trustwave and contributors. All rights reserved.
+# Copyright (c) 2006-2018 Trustwave and contributors. All rights reserved.
 #
 # The OWASP ModSecurity Core Rule Set is distributed under
 # Apache Software License (ASL) version 2

diff --git a/rules/RESPONSE-959-BLOCKING-EVALUATION.conf b/rules/RESPONSE-959-BLOCKING-EVALUATION.conf
@@ -1,6 +1,6 @@
 # ------------------------------------------------------------------------
 # OWASP ModSecurity Core Rule Set ver.3.1.0
-# Copyright (c) 2006-2017 Trustwave and contributors. All rights reserved.
+# Copyright (c) 2006-2018 Trustwave and contributors. All rights reserved.
 #
 # The OWASP ModSecurity Core Rule Set is distributed under
 # Apache Software License (ASL) version 2

diff --git a/rules/RESPONSE-980-CORRELATION.conf b/rules/RESPONSE-980-CORRELATION.conf
@@ -1,6 +1,6 @@
 # ------------------------------------------------------------------------
 # OWASP ModSecurity Core Rule Set ver.3.1.0
-# Copyright (c) 2006-2017 Trustwave and contributors. All rights reserved.
+# Copyright (c) 2006-2018 Trustwave and contributors. All rights reserved.
 #
 # The OWASP ModSecurity Core Rule Set is distributed under
 # Apache Software License (ASL) version 2