[Owasp-modsecurity-core-rule-set] Owasp-modsecurity-core-rule-set Digest, Vol 77, Issue 5

OtherData info at otherdata.com
Tue Sep 15 15:18:51 UTC 2015

I am also interested in why the 2.2.9 rule set is still considered the
latest rule set, and 3.0 is not.  The 3.0 ruleset appears to be now bundled
with cPanel which is confusing as to why they would bundle it with cPanel if
it is not stable.

Wesley Render, Consultant

-----Original Message-----
From: owasp-modsecurity-core-rule-set-bounces at lists.owasp.org
[mailto:owasp-modsecurity-core-rule-set-bounces at lists.owasp.org] On Behalf
Of owasp-modsecurity-core-rule-set-request at lists.owasp.org
Sent: September 15, 2015 6:00 AM
To: owasp-modsecurity-core-rule-set at lists.owasp.org
Subject: Owasp-modsecurity-core-rule-set Digest, Vol 77, Issue 5

Send Owasp-modsecurity-core-rule-set mailing list submissions to
	owasp-modsecurity-core-rule-set at lists.owasp.org

To subscribe or unsubscribe via the World Wide Web, visit

or, via email, send a message with subject or body 'help' to
	owasp-modsecurity-core-rule-set-request at lists.owasp.org

You can reach the person managing the list at
	owasp-modsecurity-core-rule-set-owner at lists.owasp.org

When replying, please edit your Subject line so it is more specific than
"Re: Contents of Owasp-modsecurity-core-rule-set digest..."

Today's Topics:

   1. Using 3.0 ruleset (kause lotski)
   2. Re: Some XSS evasions posted (Christian Folini)


Message: 1
Date: Mon, 14 Sep 2015 18:19:38 +0000 (UTC)
From: kause lotski <kauselot at yahoo.com>
To: "owasp-modsecurity-core-rule-set at lists.owasp.org"
	<owasp-modsecurity-core-rule-set at lists.owasp.org>
Subject: [Owasp-modsecurity-core-rule-set] Using 3.0 ruleset
	<1997255831.2489169.1442254778503.JavaMail.yahoo at mail.yahoo.com>
Content-Type: text/plain; charset="utf-8"

as it seems 3.0 greatly improves extended character sets in unicode handling
(false positives due to this characters), I would like to give it a try. But
as structure has totally changed INSTALL instructions aren't correct anymore
in 3.0 branch, can someone give me a quick guide? is there any ETA for 3.0 ?

-------------- next part --------------
An HTML attachment was scrubbed...


Message: 2
Date: Tue, 15 Sep 2015 06:03:05 +0200
From: Christian Folini <christian.folini at time-machine.ch>
To: owasp-modsecurity-core-rule-set at lists.owasp.org
Subject: Re: [Owasp-modsecurity-core-rule-set] Some XSS evasions
Message-ID: <20150915040305.GA18940 at elias>
Content-Type: text/plain; charset=utf-8

Good morning,

What is funny about the paper is, that he lists contact with all the other
vendors and how they reacted to his responsible disclosure, but this is
missing for ModSec.

Has there been no contact / no interest to patch in due time?



It's easier to ask forgiveness, than it is to get permission.
-- Radm Grace Hopper, aka Amazing Grace


Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set at lists.owasp.org

End of Owasp-modsecurity-core-rule-set Digest, Vol 77, Issue 5

More information about the Owasp-modsecurity-core-rule-set mailing list