The CRS v3.3.5 release has been announced by the OWASP ModSecurity Core Rule Set (CRS) team.
The OWASP ModSecurity Core Rule Set (CRS) is a set of general attack detection rules that may be used with ModSecurity or other compatible web application firewalls.
The CRS seeks to guard online applications against a variety of assaults, including the OWASP Top Ten, while producing the few false alarms as possible.
The CRS offers defense against numerous popular attack types, such as SQL Injection, Cross Site Scripting, Local File Inclusion, and others.
On March 24, 2023, the ModSecurity project first raised this vulnerability to the attention of the CRS project.
Multiple HTTP “Content-Type” header fields are not detected by the OWASP ModSecurity Core Rule Set (CRS) v3.3.4.
Because of this, on some platforms, a CRS installation may interpret an HTTP request body differently (as a result of the differing Content-Type) than a backend web application would.
The company later determined that the CRS reference platform (ModSecurity 2.9.x on Apache 2.4) was unaffected.
To resolve this vulnerability, CRS 3.3.5 has just been released.
“This is a security release which fixes the recently announced CVE-2023-38199, whereby it is possible to cause an impedance mismatch on some platforms running CRS v3.3.4 and earlier by submitting a request with multiple Content-Type headers”, the Core Rule Set development team said in its advisory.
Stay up-to-date with the latest Cyber Security News; follow us on GoogleNews, Linkedin, Twitter, and Facebook.
Data is a critical asset in today's digital business landscape. The loss of crucial information…
A new tool called FraudGPT has been launched by cybercriminals which pose a serious threat…
MikroTik RouterOS were vulnerable to a privilege escalation vulnerability which was first disclosed in June…
The CPUs that are based on x86-64 architecture feature XMM registers (128-bit), recently extended to…
Reports indicate that a Smishing campaign was conducted against Japanese Android users under the name…
A 24-year-old man named Amir Hossein Golshan from Downtown Los Angeles has pleaded guilty for…