We have released CorSigs version 4.48 for Trustwave Web Application Firewall (WAF) versions 7.6, 8.0 and 8.5. The purpose of these rules is to detect attack sequences or classes of attacks on a web application and its components.
- File Uploads Detection
Trustwave Anti-Virus runs a security check on each file uploaded to your web server using an HTTP request. This will create an alert when uploaded files are detected as infected, suspicious or password protected.
- SQL Information Leakage Enhancement
SQL Injection is an application layer attack technique that exploits the lack of input validation, enabling the attacker to execute arbitrary SQL commands on the system. By using specially crafted input, the attacker can cause the combined SQL query to perform malicious operations, such as retrieving sensitive information. An enhancement to Trustwave WAF's mitigation in such scenarios has been made.
How to Update
No action is required by customers running versions 7.6, 8.0 and 8.5 of Trustwave Web Application Firewall and who subscribe to the online update feature. Their deployments will update automatically.
Note that even if blocking actions are defined for a protected site, Simulation Mode for these rules is ON by default, so that site managers can inspect the impact of new rules before blocking relevant traffic. If you want to activate blocking actions for this rule, you must update the Actions for this signature in the Policy Manager.