[Owasp-modsecurity-core-rule-set] Information on rule 960038

Malcolm Allison [CASS] Malcolm.Allison at cass.govt.nz
Wed Aug 3 23:57:56 UTC 2016


Hi,

We are running ModSecurity with OWASP CRS and I'm after some information on one of the included rules.

Specifically I am after information on why this rule exists and what vulnerabilities it is protecting us from. Searching around I found this page for a different rule, which contains exactly the type of information I'm looking for...

https://www.owasp.org/index.php/ModSecurity_CRS_RuleID-960911

I can't seem to find the corresponding page for rule 960038.

From what I can tell of the rule, in our case it is matching a header line that ends in 'via', but is case sensitive, so it doesn't match 'Via'. I would like to understand why this is case-sensitive and what the potential vulnerability is. Any and all pointers gratefully accepted.


Regards,
Malcolm.

