[Owasp-modsecurity-core-rule-set] Some XSS evasions posted
CSanders at trustwave.com
Tue Sep 15 13:23:18 UTC 2015
As far as I am aware we have not received anything. It certainly didn¹t go
to this mailing list and I don¹t recall anything on
security at modsecurity.org. I am be preparing a blog post where we analysis
these attacks as we speak. Be on the lookout for it :)
On 9/15/15, 12:03 AM,
"owasp-modsecurity-core-rule-set-bounces at lists.owasp.org on behalf of
Christian Folini" <owasp-modsecurity-core-rule-set-bounces at lists.owasp.org
on behalf of christian.folini at time-machine.ch> wrote:
>What is funny about the paper is, that he lists contact with all
>the other vendors and how they reacted to his responsible
>disclosure, but this is missing for ModSec.
>Has there been no contact / no interest to patch in due time?
>It's easier to ask forgiveness, than it is to get permission.
>-- Radm Grace Hopper, aka Amazing Grace
>Owasp-modsecurity-core-rule-set mailing list
>Owasp-modsecurity-core-rule-set at lists.owasp.org
This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
More information about the Owasp-modsecurity-core-rule-set