Categories: cyber securityCyber Security News

OWASP ModSecurity Core Rule 3.3.5 Released – What’s New!

The CRS v3.3.5 release has been announced by the OWASP ModSecurity Core Rule Set (CRS) team.

The OWASP ModSecurity Core Rule Set (CRS) is a set of general attack detection rules that may be used with ModSecurity or other compatible web application firewalls.

The CRS seeks to guard online applications against a variety of assaults, including the OWASP Top Ten, while producing the few false alarms as possible.

The CRS offers defense against numerous popular attack types, such as SQL Injection, Cross Site Scripting, Local File Inclusion, and others.

Fixes To CVE-2023-38199 – Multiple Content-Type Headers

On March 24, 2023, the ModSecurity project first raised this vulnerability to the attention of the CRS project.

Multiple HTTP “Content-Type” header fields are not detected by the OWASP ModSecurity Core Rule Set (CRS) v3.3.4.

Because of this, on some platforms, a CRS installation may interpret an HTTP request body differently (as a result of the differing Content-Type) than a backend web application would.

The company later determined that the CRS reference platform (ModSecurity 2.9.x on Apache 2.4) was unaffected.

To resolve this vulnerability, CRS 3.3.5 has just been released.

“This is a security release which fixes the recently announced CVE-2023-38199, whereby it is possible to cause an impedance mismatch on some platforms running CRS v3.3.4 and earlier by submitting a request with multiple Content-Type headers”, the Core Rule Set development team said in its advisory.

Other Changes and Improvements in CRS v3.3.5 Release

  • Fix paranoia level-related scoring issue in rule 921422 (Walter Hop)
  • Move auditLogParts actions to the end of chained rules where used (Ervin Hegedus)
  • Clean up redundant paranoia-level tags (Ervin Hegedus)
  • Clean up YAML test files to support go-ftw testing framework (Felipe Zipitría)
  • Move testing framework from ftw to go-ftw (Felipe Zipitría)
  • Update sponsors list and copyright notices (Felipe Zipitría)

Stay up-to-date with the latest Cyber Security News; follow us on GoogleNewsLinkedinTwitterand Facebook.

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Leave a Comment
Share
Published by
Gurubaran
Tags: cyber securityModsecurity
2 years ago

Recent Posts

SideCopy APT Hackers Impersonate Government Officials to Deploy Open-Source XenoRAT Tool

The Pakistan-linked Advanced Persistent Threat (APT) group known as SideCopy has significantly expanded its targeting…

40 minutes ago

Russian APT Hackers Use Device Code Phishing Technique to Bypass MFA

Russian state-backed advanced persistent threat (APT) group Storm-2372 has exploited device code phishing to bypass…

55 minutes ago

Threat Actors Exploit Messaging Services as Lucrative Cybercrime Platforms

Threat actors are exploiting weaknesses in SMS verification systems to generate massive, fraudulent message traffic,…

1 hour ago

Scattered Spider Launches Sophisticated Attacks to Steal Login Credentials and MFA Tokens

The cyber threat landscape has witnessed remarkable adaptation from the notorious hacker collective known as…

2 hours ago

North Korean Hackers Use Social Engineering and Python Scripts to Execute Stealthy Commands

North Korean threat actors have demonstrated their adept use of social engineering techniques combined with…

2 hours ago

Gcore Super Transit Brings Advanced DDoS Protection and Acceleration for Superior Enterprise Security and Speed

Gcore, the global edge AI, cloud, network, and security solutions provider, has launched Super Transit,…

6 hours ago