[Owasp-modsecurity-core-rule-set] Information on rule 960038

Malcolm Allison [CASS] Malcolm.Allison at cass.govt.nz
Wed Aug 3 23:57:56 UTC 2016


We are running ModSecurity with OWASP CRS and I'm after some information on one of the included rules.

Specifically I am after information on why this rule exists and what vulnerabilities it is protecting us from. Searching around I found this page for a different rule, which contains exactly the type of information I'm looking for...


I can't seem to find the corresponding page for rule 960038.

From what I can tell of the rule, in our case it is matching a header line that ends in 'via', but is case sensitive, so it doesn't match 'Via'. I would like to understand why this is case-sensitive and what the potential vulnerability is. Any and all pointers gratefully accepted.


