github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-17 14:46:13 +03:00
Code Issues Packages Projects Releases Wiki Activity

update CHANGES

Browse Source
This commit is contained in:
brenosilva 2012-06-14 13:54:05 +00:00
parent 9d2b4568fc
commit 51067c23dd
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGES
View File

@ -91,9 +91,8 @@
* Added build system support for KfreeBSD and HURD. * Added build system support for KfreeBSD and HURD.
* In 2009, Stefan Esser published an evasion technique that relies on the use of single quotes and PHP. * Fixed a multipart bypass issue related to quote parsing
The trick was treating a request parameter as a file. A patch was applied into ModSecurity 2.5.11 by Brian Rectanus. Credits to Qualys Vulnerability & Malware Research Labs (VMRL).
Ivan Ristic reported that the patch was imcomplete. We added extra checks for this evasion.
20 Mar 2012 - 2.6.5 20 Mar 2012 - 2.6.5
------------------- -------------------