Hacking News no image

Published on June 3rd, 2013 📆 | 5401 Views ⚑

0

ModSecurity v2.7.4 Released

ModSecurity™ is an open source, free web application firewall (WAF) Apache module. With over
70% of all attacks now carried out over the web application level, organizations need all the help
they can get in making their systems secure .

Changelog v2.7.4

Improvements

Added Libinjection project http://www.client9.com/projects/libinjection/ as a new operator
@detectSQLi. (Thanks Nick Galbreath).
Added new variable SDBM_DELETE_ERROR that will be set to 1 when sdbm engine
fails to delete entries.
NGINX is now set to STABLE. Thanks chaizhenhua and all the people in community
who help the project testing, sending feedback and patches.
Bug Fixes
Fixed SecRulePerfTime storing unnecessary rules performance times.
Fixed Possible SDBM deadlock condition.
Fixed Possible @rsub memory leak.
Fixed REMOTE_ADDR content will receive the client ip address when mod_remoteip.c
is present.
Fixed NGINX Audit engine in Concurrent mode was overwriting existing alert files
because a issue with UNIQUE_ID.
Fixed CPU 100% issue in NGINX port. This is also related to an memory leak when
loading response body.
Security Issues
Fixed Remote Null Pointer DeReference (CVE-2013-2765). When
forceRequestBodyVariable action is triggered and a unknown Content-Type is used,
mod_security will crash trying to manipulate msr->msc_reqbody_chunks->elts however
msr->msc_reqbody_chunks is NULL. (Thanks Younes JAAIDI)

 download : http://www.modsecurity.org/download/

Download Premium WordPress Themes Free
Download WordPress Themes Free
Download Premium WordPress Themes Free
Download WordPress Themes
download udemy paid course for free

Tagged with:



Leave a Reply ✍


loading...