[Owasp-modsecurity-core-rule-set] Check for User-agent field missing in CRS

Chaim Sanders CSanders at trustwave.com
Wed Jul 15 13:50:40 UTC 2015

This seems to be true. If you believe this to be a major oversight, we invite you to submit such a protection if you deem it to be necessary. Please note that, if submitting, it should be submitted to the 3.0 branch. Additionally, note the use of @detectXSS would not work here as libinjection is not designed to detect XSS in headers.

From: Michele Roviello <micheleroviello at gmail.com>
Date: Wednesday, July 15, 2015 at 7:46 AM
To: "owasp-modsecurity-core-rule-set at lists.owasp.org" <owasp-modsecurity-core-rule-set at lists.owasp.org>
Subject: [Owasp-modsecurity-core-rule-set] Check for User-agent field missing in CRS

I have done some tests on XSS attacks with ModSecurity and the base rules for XSS attack from the CRS.
I have found that this set of rules doesn't check for an XSS attack vector in the User-agent field of the HTTP message.
Is this true or am I missing something?
Thank you for your consideration,
Michele Roviello
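The thread above establishes that the CRS XSS rules do not inspect the User-Agent header and that @detectXSS is not the right operator for headers. The following is an added example of a local ModSecurity rule (not part of the thread, and not a CRS rule) that closes that gap with a plain regex check on REQUEST_HEADERS:User-Agent. The rule id 10001 is a placeholder in the local-use id range, and the pattern list is illustrative rather than exhaustive; both are assumptions to adjust for your deployment.

```apache
# Added example, not from the mailing list thread or the CRS project.
# Inspects only the User-Agent request header for common XSS markers.
# Assumptions: id 10001 is a placeholder local-use rule id; the regex
# is a starting point and must be tuned against real traffic.
SecRule REQUEST_HEADERS:User-Agent "@rx (?i)(<\s*script|javascript\s*:|on[a-z]+\s*=|<\s*iframe|<\s*img)" \
    "id:10001,\
    phase:1,\
    t:none,t:urlDecodeUni,t:htmlEntityDecode,\
    deny,\
    status:403,\
    log,\
    msg:'XSS pattern in User-Agent header',\
    logdata:'Matched Data: %{MATCHED_VAR} within %{MATCHED_VAR_NAME}',\
    tag:'local/xss-user-agent',\
    severity:'CRITICAL'"
```

Phase 1 is used because request headers are fully available before the body is read, so the rule fires early. While tuning, replace `deny` with `pass` (or run the engine in DetectionOnly) and review the audit log entries produced by `logdata` before enforcing; legitimate User-Agent strings from some embedded clients and monitoring tools can contain `=` sequences, so expect to refine the `on[a-z]+\s*=` alternative in particular.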

