Trustwave Web Application Firewall Signature Update 4.50 Now Available

Trustwave Spiderlabs is pleased to announce the release of CorSigs version 4.50 for Trustwave Web Application Firewall (WAF) versions 7.6, 8.0 and 8.5. These rules are written to detect attacks or classes of attacks on web applications and their components.

Release Summary

This release includes the following new signatures:

CVE-2012-0053: Apache HTTPOnly Cookie Disclosure
The Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies.

This release also includes accuracy updates, improvements and policy updates for following rules:

  • Cross-site scripting (XSS)
  • SQL injection (Pattern + Anomaly)
  • GNU Bash Code Injection Vulnerability aka Shellshock
  • Request is missing an HTTP User-Agent header
  • Robots.txt access
  • Remote file inclusion (RFI)

How to Update

No action is required by customers running versions 7.6, 8.0 or 8.5 of Trustwave Web Application Firewall and whom subscribe to the online update feature. Their deployments will update automatically.

Please note that even if blocking actions are defined for a protected site, Simulation Mode for these rules is ON by default in order to allow site managers to inspect the impact of new rules before blocking relevant traffic. If you want to activate blocking actions for this rule, you must update the Actions for this signature in the Policy Manager.

Trustwave reserves the right to review all comments in the discussion below. Please note that for security and other reasons, we may not approve comments containing links.