View Single Post
  #1   (View Single Post)  
Old 29th May 2013
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128
Default DoS vulnerability in ModSecurity fixed

From http://h-online.com/-1872307

Quote:
The development team behind open source web application firewall ModSecurity has fixed a vulnerability which could be exploited by attackers to crash the firewall. Using a crafted HTTP request to execute the action forceRequestBodyVariable with an unknown content type resulted in a null pointer dereference.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote