mod-security-users

[mod-security-users] Mitigate Vulnerability

[i2 V. P. P. <vic...@i2...>]

Hi everyone.

Currently I have the ModSecurity WAF implemented in the KEMP balancer.

Does anyone know if the current ModSecurity rules have the CVE-2019-18935 vulnerability mitigated?

I send some information links about this vulnerability:


https://redcanary.com/blog/blue-mockingbird-cryptominer/
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui


Regards,

[https://soporte.i2ss.com/support/ImageDisplay?downloadType=uploadedFile&fileName=1543931572313.jpg&blockId=8bd18acb6c84338e24f1117395f07c021559198a4dcd9882&zgId=20283b104f62974de612657a51fd5fbe&mode=view]

VÍCTOR HUGO PINZÓN PAEZ
Ingeniero de Soporte
i2 SISTEMAS Y SEGURIDAD INFORMATICA LTDA .
Tel: 571 – 6958476 Ext. 2303 | Cel: 3007186030
www.i2ss.com <http://www.i2ss.com/> | so...@i2... <mailto:so...@i2...>

CONFIDENCIALIDAD: Este mensaje se dirige exclusivamente a su destinatario y puede contener información privilegiada o confidencial. Si no es usted el destinatario indicado, queda notificado de que la utilización, divulgación y/o copia sin autorización está prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, por favor comuníquelo inmediatamente por esta misma vía y proceda a su destrucción. Gracias.



CONFIDENTIALITY: This message is intended exclusively for its addressee and may contain information that is CONFIDENTIAL and protected by professional privilege. If you are not the intended recipient you are hereby notified that any dissemination, copy or disclosure of this communication is strictly prohibited by law. If this message has been received in error, please immediately notify us via e-mail and delete it. Thank You.

Re: [mod-security-users] Mitigate Vulnerability

[Christian F. <chr...@ne...>]

Hey Victor,

Kemp uses the commercial Trustwave Spiderlabs rules by default.  I reckon
that's what you are running then. The rules are not open source so it's not so
simple to check.  So unless Trustwave responds here on the list, it's probably
best to ask Trustwave directly or Kemp support.

Best,

Christian



On Tue, Sep 29, 2020 at 06:05:59PM +0000, i2 Victor Pinzon Paez wrote:
> Hi everyone.
> 
> Currently I have the ModSecurity WAF implemented in the KEMP balancer.
> 
> Does anyone know if the current ModSecurity rules have the CVE-2019-18935 vulnerability mitigated?
> 
> I send some information links about this vulnerability:
> 
> 
> https://redcanary.com/blog/blue-mockingbird-cryptominer/
> https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
> 
> 
> Regards,
> 
> [https://soporte.i2ss.com/support/ImageDisplay?downloadType=uploadedFile&fileName=1543931572313.jpg&blockId=8bd18acb6c84338e24f1117395f07c021559198a4dcd9882&zgId=20283b104f62974de612657a51fd5fbe&mode=view]
> 
> VÍCTOR HUGO PINZÓN PAEZ
> Ingeniero de Soporte
> i2 SISTEMAS Y SEGURIDAD INFORMATICA LTDA .
> Tel: 571 – 6958476 Ext. 2303 | Cel: 3007186030
> www.i2ss.com <http://www.i2ss.com/> | so...@i2... <mailto:so...@i2...>
> 
> CONFIDENCIALIDAD: Este mensaje se dirige exclusivamente a su destinatario y puede contener información privilegiada o confidencial. Si no es usted el destinatario indicado, queda notificado de que la utilización, divulgación y/o copia sin autorización está prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, por favor comuníquelo inmediatamente por esta misma vía y proceda a su destrucción. Gracias.
> 
> 
> 
> CONFIDENTIALITY: This message is intended exclusively for its addressee and may contain information that is CONFIDENTIAL and protected by professional privilege. If you are not the intended recipient you are hereby notified that any dissemination, copy or disclosure of this communication is strictly prohibited by law. If this message has been received in error, please immediately notify us via e-mail and delete it. Thank You.
> 


> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/