We've just released a new version (4.41) of Corsigs for users of Trustwave Web Application Firewall (WAF) version 7.0. These new rules help protect users' web applications against malicious traffic targeting the vulnerabilities listed below.
- JSF*CK exploit technique
- There has been discovered a severe vulnerability in eBay's online sales platform. This vulnerability allows attackers to bypass eBay's code validation and control the vulnerable code remotely to execute malicious Java script code on targeted eBay users. (According to CheckPoint's Blog)
- Minor Enhancement of Malformed HTTP Headers
- The Trustwave WAF should raise an event when there is a trailing space character appearing in HTTP header names as this is malformed HTTP and does not match RFC2616
- Improved Detection of XML-Based Attacks
- Improving Detection of XXE attacks, which occur when an XML parser processes XML input containing a reference to an external entity. This may lead to disclosure of confidential data, DDoS, CSRF and more.
How to Update
No action is required of customers that run version 7.0 of Trustwave Web Application Firewall and subscribe to the online update feature. Their deployments will receive the update automatically.
Note that even if blocking actions are defined for a protected site, simulation mode for these rules is ON by default so that site managers can inspect the impact of new rules before actually blocking relevant traffic. If you would like to activate blocking actions for this rule, you need to update the Actions for this signature in the Policy Manager.