[Owasp-modsecurity-core-rule-set] Submit a change in the CRS

Chaim Sanders CSanders at trustwave.com
Sun Jul 19 14:34:39 UTC 2015

Try not to be an alarmist by calling it a vulnerability. It is a protection that is simply not offered because most people don't end up reflecting user agents onto their page, for pretty obvious reasons. That being said you are fully encouraged to develop protections for this if you feel it to be an oversight. If you don't know how to do this I am more then willing to work offline to help you accomplish this goal. In general you would modify a rule present in the XSS section to include Request_Headers:User-Agent. (https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.0.0-dev/rules/REQUEST-41-APPLICATION-ATTACK-XSS.conf). Within this config file we have accumulated a number of different XSS filters over time. Feel free to identify which ones make the most sense for where your protection should be placed and add it. You can then issue a push request adding this feature as we use github for version control.

From: Michele Roviello <micheleroviello at gmail.com<mailto:micheleroviello at gmail.com>>
Date: Sunday, July 19, 2015 at 5:34 AM
To: "owasp-modsecurity-core-rule-set at lists.owasp.org<mailto:owasp-modsecurity-core-rule-set at lists.owasp.org>" <owasp-modsecurity-core-rule-set at lists.owasp.org<mailto:owasp-modsecurity-core-rule-set at lists.owasp.org>>
Subject: [Owasp-modsecurity-core-rule-set] Submit a change in the CRS

I have found a vulnerability in the CRS, I discussed it in a previous mail and they suggested me to submit the protection to this issue.
Can someone tell me what I should I do to submit a change in the CRS?

Thank you for your help
Michele Roviello


This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/attachments/20150719/b87a4f38/attachment.html>

More information about the Owasp-modsecurity-core-rule-set mailing list