I am pleased to announce the release of the OWASP CRS v2.2.1.
This is a significant update with regards to SQL Injection protections. Trustwave's SpiderLabs Team conducted an analysis/review of the SQL Injection Challenge Level II evasions - http://www.modsecurity.org/demo/challenge.html and made many updates to now detect the evasion techniques used during the challenge. SpiderLabs will soon be releasing a blog post providing details about the successful SQLi evasions used against the OWASP CRS >v.2.2.1 during the SQLi Challenge. Keeping responsible disclosure in mind, we have delayed public release of this blog post until we had an updated CRS for the community to install that detected these evasions.
*** It is highly recommended that you update your CRS installs ASAP to gain the improved SQL Injection protections. ***
CHANGELOG
--------------------------
Version 2.2.1 - 07/20/2011
--------------------------
Improvements:
- Extensive SQL Injection signature updates as a result of the SQLi Challenge
http://www.modsecurity.org/demo/challenge.html
- Updated the SQL Error message detection in reponse bodies
- Updated SQL Injection signatures to include more DB functions
- Updated the WEAK SQL Injection signatures
- Added tag AppSensor/RE8 to rule ID 960018
Bug Fixes:
- Fixed Bad Robot logic for rule ID 990012 to further qualify User-Agent matches
https://www.modsecurity.org/tracker/browse/CORERULES-70
- Fixed Session Hijacking rules to properly capture IP address network hashes.
- Added the multiMatch action to the SQLi rules
- Fixed a false negative logic flaw within the advanced_filter_converter.lua script
- Fixed missing : in id action in DoS ruleset.
- Updated rule ID 971150 signature to remove ;
--------------------------
DOWNLOADING
--------------------------
Manual Downloading:
You can always download the latest CRS version here -
https://sourceforge.net/projects/mod-security/files/modsecurity-crs/0-CURRENT/
Automated Downloading:
Use the rules-updater.pl script in the CRS /util directory
# Get a list of what the repository contains:
$ ./rules-updater.pl -rhttp://www.modsecurity.org/autoupdate/repository/ -lRepository: http://www.modsecurity.org/autoupdate/repositorymodsecurity-crs { 2.0.0: modsecurity-crs_2.0.0.zip 2.0.1: modsecurity-crs_2.0.1.zip 2.0.2: modsecurity-crs_2.0.2.zip 2.0.3: modsecurity-crs_2.0.3.zip 2.0.4: modsecurity-crs_2.0.4.zip 2.0.5: modsecurity-crs_2.0.5.zip 2.0.6: modsecurity-crs_2.0.6.zip 2.0.7: modsecurity-crs_2.0.7.zip 2.0.8: modsecurity-crs_2.0.8.zip 2.0.9: modsecurity-crs_2.0.9.zip 2.0.9: modsecurity-crs_2.0.10.zip 2.1.0: modsecurity-crs_2.1.0.zip 2.1.1: modsecurity-crs_2.1.1.zip 2.1.2: modsecurity-crs_2.1.2.zip 2.2.0: modsecurity-crs_2.2.0.zip 2.2.1: modsecurity-crs_2.2.1.zip}# Get the latest stable version of "modsecurity-crs":$ ./rules-updater.pl -rhttp://www.modsecurity.org/autoupdate/repository/ -prules -Smodsecurity-crsFetching: modsecurity-crs/modsecurity-crs_2.2.1.zip ...$ ls -R rulesmodsecurity-crsrules/modsecurity-crs:modsecurity-crs_2.2.1.zip modsecurity-crs_2.2.1.zip.sig