[Bug 231728] CVE-2007-1359: mod_security <= 2.1.0 request rule bypass
bugzilla at redhat.com
bugzilla at redhat.com
Sun Mar 11 06:17:01 UTC 2007
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: CVE-2007-1359: mod_security <= 2.1.0 request rule bypass
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231728
------- Additional Comments From mfleming+rpm at enlartenment.com 2007-03-11 01:16 EST -------
Folks,
I've run up some preliminary 2.1.0 RPMs for Core 5 and 6 (i386 and x86_64, no
ppc or Rawhide here sorry) at http://www.enlartenment.com/modsecurity/ for those
interested in giving them a test prior to me importing them into CVS.
It's a fairly serious upgrade and I want to spring as few surprises on users as
I can - however if you've not tinkered too much with 1.9's config as I've
shipped it you should see no problems.
I've turned on the Core Rules set (minus 2 dodgy sets Ivan is aware of) and
added the above rule to a local set to ideally fix the reported vulnerability.
The server they're hosted on is also running this version and ruleset as a
proof-of-concept / eat-my-own-dogfood demonstration.
Any feedback appreciated.
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
More information about the security
mailing list