Re: [mod-security-users] Possible XML DDoS vuln in ModSecurity
Brought to you by:
victorhora,
zimmerletw
From: Christian F. <chr...@ti...> - 2013-09-23 13:06:23
|
Thanks for the transparency Ryan. Christian On Sun, Sep 22, 2013 at 04:05:37PM +0000, Ryan Barnett wrote: > FYI the reporter had a misunderstanding and has updated the story. The vuln referenced was patched in a previous version. > > Ryan Barnett > Lead Security Researcher, SpiderLabs > > Trustwave | SMART SECURITY ON DEMAND > www.trustwave.com<http://www.trustwave.com/> > > On Sep 19, 2013, at 7:20 AM, "Ryan Barnett" <RBa...@tr...<mailto:RBa...@tr...>> wrote: > > A German news article mentions a possible vuln however there are no technical details - > > http://www.golem.de/news/modsecurity-sicherheitsluecke-in-der-web-application-firewall-1309-101670.html > > I have contacted Softscheck for information and will notify the community when I hear something. > > Ryan Barnett > Lead Security Researcher, SpiderLabs > > Trustwave | SMART SECURITY ON DEMAND > www.trustwave.com<http://www.trustwave.com/> > > ________________________________ > > This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. > ------------------------------------------------------------------------------ > LIMITED TIME SALE - Full Year of Microsoft Training For Just $49.99! > 1,500+ hours of tutorials including VisualStudio 2012, Windows 8, SharePoint > 2013, SQL 2012, MVC 4, more. BEST VALUE: New Multi-Library Power Pack includes > Mobile, Cloud, Java, and UX Design. Lowest price ever! Ends 9/22/13. > http://pubads.g.doubleclick.net/gampad/clk?id=64545871&iu=/4140/ostg.clktrk > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |