[Owasp-modsecurity-core-rule-set] Fwd: [JIRA] Resolved: (CORERULES-8) Filter Bypass Vulnerability

Junyong Jiang dreamice.jiang at gmail.com
Sun Aug 2 07:28:37 EDT 2009


Dear Ryan,

I have another question about this HPP rule. The definition of an HPP attack is
that the 'arg_names' includes a data segment like "user=a & user=d & user=m &
user=i & user=n". The multi-parameter is "user". But if we log in a user with
the same username and password, this is also recognized as an HPP attack, for
example "username=admin&password=admin". The difference between these two
cases is whether the multi-parameters are before or after "=". I want to know
whether we need to differentiate these two cases in the HPP detection rules.

Thanks a lot.

2009/8/1 Ryan Barnett <ryan.barnett at breach.com>

> ---------- Forwarded Message ----------
>
>
> Subject: [JIRA] Resolved: (CORERULES-8) Filter Bypass Vulnerability
> Date: Friday 31 July 2009
> From: "Ryan Barnett (JIRA)" <modsecurity at tracker.modsecurity.org>
> To: Ryan Barnett <Ryan.Barnett at breach.com>
>
>
>
> [https://www.modsecurity.org/tracker/browse/CORERULES-8?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel]
>
>
> Ryan Barnett resolved CORERULES-8.
> ----------------------------------
>
>
> Resolution: Fixed
> Fix Version/s: (was: 1.7.0) 2.0.0
>
>
> We added this HTTP Parameter Pollution (HPP) rule to the CRS v.2.0.0.
>
>
> > Filter Bypass Vulnerability
> > ---------------------------
> >
> > Key: CORERULES-8
> > URL: https://www.modsecurity.org/tracker/browse/CORERULES-8
> > Project: Core Rules
> > Issue Type: Bug
> > Security Level: Normal
> > Affects Versions: 1.6.1
> > Reporter: Samiux AU
> > Assignee: Ryan Barnett
> > Fix For: 2.0.0
> >
> >
> > For details, please refer to this link.
> > http://www.milw0rm.com/exploits/8930
>
>
> --
> This message is automatically generated by JIRA.
> -
> If you think it was sent incorrectly contact one of the administrators:
> https://www.modsecurity.org/tracker/secure/Administrators.jspa
> -
> For more information on JIRA, see: http://www.atlassian.com/software/jira
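The two cases raised in the question above (a repeated name left of "=" versus a repeated value right of "="), as an added example that is not part of the original message and is not the CRS rule itself. The function names and sample requests are constructed for illustration, and the sketch assumes that only repeated names are treated as HPP.

```python
from collections import Counter
from urllib.parse import parse_qsl


def _pairs(query="", body=""):
    # parse_qsl URL-decodes names and values, so "us%65r" and "user"
    # count as the same name. Query string and form body are merged
    # because one name can appear in both places.
    return (parse_qsl(query, keep_blank_values=True)
            + parse_qsl(body, keep_blank_values=True))


def repeated_names(query="", body=""):
    """Names (left of "=") that occur more than once, with counts."""
    counts = Counter(name for name, _ in _pairs(query, body))
    return {n: c for n, c in counts.items() if c > 1}


def repeated_values(query="", body=""):
    """Values (right of "=") that occur more than once, with counts."""
    counts = Counter(value for _, value in _pairs(query, body))
    return {v: c for v, c in counts.items() if c > 1}


def looks_like_hpp(query="", body=""):
    # Assumption of this sketch: only repeated names indicate HPP;
    # identical values under different names do not.
    return bool(repeated_names(query, body))


if __name__ == "__main__":
    # Constructed sample requests: (query string, form body)
    samples = [
        ("user=a&user=d&user=m&user=i&user=n", ""),  # same name five times
        ("username=admin&password=admin", ""),       # same value, distinct names
        ("us%65r=a&user=d", ""),                     # same name after URL decoding
        ("user=a", "user=b"),                        # same name in query and body
    ]
    for q, b in samples:
        print(q, b, "names:", repeated_names(q, b),
              "values:", repeated_values(q, b),
              "hpp:", looks_like_hpp(q, b))
```
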