github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2026-01-16 00:17:11 +03:00
Code Issues Packages Projects Releases Wiki Activity

update CHANGES

Browse Source
This commit is contained in:
brenosilva
2012-06-14 13:54:05 +00:00
parent c6da0f9fad
commit 37286e9f22
1 changed files with 2 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGES
View File

@@ -3,9 +3,8 @@
* Added build system support for KfreeBSD and HURD. * Added build system support for KfreeBSD and HURD.
* In 2009, Stefan Esser published an evasion technique that relies on the use of single quotes and PHP. * Fixed a multipart bypass issue related to quote parsing
The trick was treating a request parameter as a file. A patch was applied into ModSecurity 2.5.11 by Brian Rectanus. Credits to Qualys Vulnerability & Malware Research Labs (VMRL).
Ivan Ristic reported that the patch was imcomplete. We added extra checks for this evasion.
20 Mar 2012 - 2.6.5 20 Mar 2012 - 2.6.5
------------------- -------------------