Evasion

ModSceurity 2.5.11 fixes an evasion vulnerability

By Ofer Shezaf - Posted on November 9th, 2009

Tagged:

[View]

Breach has release a new version of ModSecurity which fixes a vulnerability that may lead to an evasion. As stated in the release announcement sent to the mailing list by Brian Rectanus, by using non-standard (but accepted by some platforms) quoting, ModSecurity may be fooled into thinking some parameters are uploaded files.

New WAF bypass method take advantage of comment anti-evasion

By Ofer Shezaf - Posted on November 3rd, 2009

Tagged:

[View]

A new blog post by Dmitry Evteev shows how an obscure MySQL syntax can be used to bypass ModSecurity signatures. The interesting thing is that the new technique actually takes advantage of a ModSecurity anti-evasion measure.

Latest Stories

WAFs are not perfect, but is any security tool perfect? (Feb 9th 2010)
Forrester estimates the WAF market to be $220M in 2010 (Feb 9th 2010)
ModSecurity exceptions for TYPO3 (Jan 20th 2010)
Presentation about WAFs in the cloud (Jan 15th 2010)
The curse of PCI for WAFs (Jan 11th 2010)
A New Year, a New Acronym (Jan 10th 2010)
A Remote Command Injection Vulnerability Applicure's dotDefender Site Management. (Dec 10th 2009)

Navigation

Subscribe:

Xiom is the place to find information about Web Application Firewalls (WAFs) including reviews, analysis, announcements and research. Tune to the RSS channel to get every bit of information or subscribe to the newsletter to receive only in depth articles.

Xiom also leasd and hosts the Web Hacking Incidents Database, a Web Application Security Consortium project aimed at maintaining a list of web applications related security incidents.

Xiom is a community web site lead by Ofer Shezaf.

Xiom.com

The Web Application Firewalls Information Center

Evasion

ModSceurity 2.5.11 fixes an evasion vulnerability

New WAF bypass method take advantage of comment anti-evasion

WAF Resources

Latest Stories

Navigation