Re: [mod-security-users] modsecurity vs CVE-2010-4476?
From: Ryan B. <RBa...@tr...> - 2011-02-10 16:23:00
On 2/10/11 1:31 AM, "Jason Haar" <Jas...@tr...> wrote:

> Hi there
>
> Does modsecurity detect/protect against the Java vulnerability mentioned
> in CVE-2010-4476?

ModSecurity doesn't detect/protect much of anything on its own, so I am assuming you mean, does the OWASP CRS help protect against this attack payload? The answer to that question is no. This is a very specific issue only affecting one platform. What you can do, however, is create a quick virtual patch/attack filter looking for that specific floating point value -

SecRule ARGS|REQUEST_HEADERS "@contains 2.2250738585072012e-308" "phase:2,block,msg:'Java Floating Point DoS Attack',tag:'CVE-2010-4476'"

Hope this helps.

-Ryan

> eg
> https://lists.wisc.edu/read/messages?id=11523793#11523793
>
> shows the exploit to be absolutely trivial - what a disaster!
>
> --
> Cheers
>
> Jason Haar
> Information Security Manager, Trimble Navigation Ltd.
> Phone: +64 3 9635 377 Fax: +64 3 9635 417
> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
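An added check, not from the list post and not ModSecurity or CRS code, that contrasts what the `@contains` rule above catches (one case-sensitive spelling of the literal) with a numeric test that converts each decimal in a parameter value exactly and asks whether it falls in the gap between the largest subnormal and the smallest normal double. The window, the sample values and the helper names are my assumptions, not anything stated on the page.

```python
import re
from decimal import Decimal, InvalidOperation
from fractions import Fraction

# The literal the list rule matches with @contains (substring, case-sensitive).
LITERAL = "2.2250738585072012e-308"

# IEEE 754 binary64 boundaries, computed exactly with Fraction.
DBL_MIN = Fraction(2) ** -1022                      # smallest normal double
LARGEST_SUBNORMAL = DBL_MIN - Fraction(2) ** -1074  # largest subnormal double

# A decimal literal as it might appear inside a parameter or header value.
NUMBER_RE = re.compile(r"[-+]?(?:\d+\.?\d*|\.\d+)(?:[eE][-+]?\d+)?")


def literal_rule_matches(value: str) -> bool:
    """Mirror of the SecRule in the post: a case-sensitive substring test."""
    return LITERAL in value


def in_boundary_window(value: str) -> bool:
    """Flag any decimal number in the value whose exact magnitude lies
    strictly between the largest subnormal and the smallest normal double.
    ASSUMPTION: that gap is taken as the whole window of concern for
    CVE-2010-4476; it is deliberately wide rather than tight.
    Fraction arithmetic is exact, so this check cannot itself misparse."""
    for token in NUMBER_RE.findall(value):
        try:
            d = Decimal(token)
        except InvalidOperation:
            continue
        # Skip zero and magnitudes far outside double range before the exact
        # conversion; a huge exponent would otherwise make Fraction() crawl.
        if d.is_zero() or abs(d.adjusted()) > 400:
            continue
        if LARGEST_SUBNORMAL < abs(Fraction(d)) < DBL_MIN:
            return True
    return False


def classify(value: str) -> tuple[bool, bool]:
    """Return (literal_rule_hit, numeric_check_hit) for one parameter value."""
    return literal_rule_matches(value), in_boundary_window(value)


if __name__ == "__main__":
    # Constructed sample parameter values, not captured traffic.
    for sample in ["price=3.14", "2.2250738585072012e-308",
                   "2.2250738585072012E-308", "2.2250738585072014e-308"]:
        print(sample, classify(sample))
```

The third sample differs from the literal only in the case of the exponent marker, which the `@contains` rule does not see unless a lowercase transformation is applied; the fourth is the smallest normal double itself and sits outside the window.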