We have just released Corsigs version 4.45 for users of Trustwave Web Application Firewall (WAF) 7.6, 8.0 and 8.5. These new rules help protect users' Web applications against malicious traffic targeting the vulnerabilities listed below.
- Slow Client Attacks – Request and Response
A Slow Client Attack (also known as a Slowloris HTTP DoS Attack) is where an attacker deliberately sends multiple partial HTTP requests to a Web server, making it temporarily unavailable due to memory resources opened on the server.
Trustwave WAF covers both request and response attacks.
Note: This feature is supported only by Trustwave WAF version 8.0 and later.
- Cross-Site Scripting (XSS) Attacks
An improvement in the detection of XSS attacks was made in order to increase the protection level against such attacks and eliminate false positives.
- Enrichment and Correction of Information
Outdated links and references were replaced with up-to-date ones. In addition, elaboration was done on information regarding existing rules of XSS, SQLI and many more.
How to Update
No action is required by customers running version 7.6, 8.0 and 8.5 of Trustwave Web Application Firewall and who subscribe to the online update feature. Their deployments will receive the update automatically.
Note that even if blocking actions are defined for a protected site, Simulation mode for these rules is ON by default. Site managers can therefore inspect the impact of the new rules before actually blocking relevant traffic. If you would like to activate blocking actions for this rule, you need to update the Actions for this signature in the Policy Manager.