Web Application Security - Trustwave WAF
May 2, 2018
Trustwave SpiderLabs® is pleased to announce the release of CorSigs version 4.54 for Trustwave Web Application Firewall (WAF) versions 8.5 and 9.0. This update is built to detect attacks or classes of attacks on web applications and their components
This release includes one major rule that protects against Drupalgeddon RCE:
The Drupal versions before 7.58, 8.3.9, 8.4.6, and 8.5.1 allows an unauthenticated remote user to perform remote code execution on default or common Drupal installations due to faulty input validation on Form API (FAPI) AJAX requests. For more detailed technical analysis please refer to the SpiderLabs "Drupalgeddon2" Recent Developments blog.
How to Update
No action is required by customers running versions 8.5 or 9.0 of Trustwave WAF who subscribe to the online update feature. Their deployments will update automatically.
Please note that even if blocking actions are defined for a protected site, Simulation Mode for these rules is ON by default to allow site managers to inspect the impact of new rules before blocking relevant traffic. If you want to activate blocking actions for this rule, you must update the Actions for this signature in the Policy Manager.