SpiderLabs owasp-modsecurity-crs issues

SpiderLabs / owasp-modsecurity-crs

OWASP ModSecurity Core Rule Set (CRS) Project (Official Repository)

https://modsecurity.org/crs

Apache License 2.0

2.44k stars 725 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

feat(templates): add text to gihub templates about migration

#1757 fzipi closed 4 years ago
0
False positive with WordPress when hosted from http://example.com/update-prefix

#1756 morko opened 4 years ago
1
Incompatible with ModSecurity 3.x?

#1755 Ziris85 closed 4 years ago
1
false positive on rule 932110

#1754 randyoo opened 4 years ago
0
Added more explanations to comment of 920300

#1753 dune73 closed 4 years ago
2
Note config change of tx.allowed_request_content_type in the v3.3 release notes

#1752 franbuehler opened 4 years ago
0
rule 920300 title / details mismatch

#1751 owingruters closed 4 years ago
1
Added 'ver' action with current version to all necessary rules (fix for #650)

#1750 airween closed 4 years ago
4
Monthly Chat Agenda May (2020-05-04)

#1749 franbuehler closed 4 years ago
1
Content-Type var fix ModSec v2 v3 900220 soap xml

#1748 franbuehler closed 4 years ago
3
Password Scrubbing within the libinjection rule

#1747 a-zb closed 4 years ago
1
Fix 921120 FP

#1746 franbuehler closed 1 month ago
0
Changed variable to lowercase (fixed #1741)

#1745 airween closed 4 years ago
1
Update README.md

#1744 drexlma opened 4 years ago
0
Allow REPORT requests without Content-Type header in Nextcloud

#1743 pyllyukko closed 4 years ago
1
Suppress rule 200002 when editing contacts in Nextcloud

#1742 pyllyukko closed 4 years ago
1
Rule 920450 and modsec 3x

#1741 mirkodziadzka-avi closed 4 years ago
4
Make Content-Type case insensitive

#1740 franbuehler closed 1 month ago
3
XenForo: update exclusions

#1739 lifeforms closed 4 years ago
1
WordPress: exclude additional URL fields in profile editor

#1738 lifeforms closed 4 years ago
1
WordPress JetPack False Positive

#1737 manuelroccon opened 4 years ago
0
NextCloud False Positive

#1736 manuelroccon opened 4 years ago
9
Fix link for 941310

#1735 NullIsNot0 closed 4 years ago
4
Fix content type whitelist

#1734 franbuehler closed 4 years ago
2
Monthly Chat Agenda April (2020-04-06)

#1733 dune73 closed 4 years ago
1
Make severities and scores consistent

#1732 lifeforms closed 4 years ago
1
Block QQGameHall UA

#1731 theMiddleBlue closed 4 years ago
1
Block QQGameHall in UA

#1730 theMiddleBlue closed 4 years ago
4
XSS Attack Detected via libinjection for AWS AWSALBCORS Cookie

#1729 frankyhun opened 4 years ago
4
JSON Payloads process significantly slower (600%) than XML Payloads of a similar size and format

#1728 rsbrisci closed 4 years ago
9
SQLi bypass at PL1(CRS 3.2.0)

#1727 seedis opened 4 years ago
1
DoS rule triggering with static (png) file

#1726 ceandre opened 4 years ago
0
Easy to trigger these rule id blocks just with keywords [932115, 942360]

#1725 jeremyjpj0916 opened 4 years ago
0
Crazy Long Processing time of XML of a certain kinda payload body.

#1724 jeremyjpj0916 opened 4 years ago
2
DOS protection is invalid

#1723 sule01u closed 4 years ago
0
SOAPUI SOAP Tx multipart/related call False Positive id: 920470

#1722 jeremyjpj0916 closed 4 years ago
4
Add Content-Type: multipart/related as allowed default

#1721 jeremyjpj0916 closed 4 years ago
1
XSS Attack Detected for valid XML Wrapped in CDATA Id 941160

#1720 jeremyjpj0916 opened 4 years ago
0
Need help with whitelisting false positive for gitlab rule id 949110

#1719 H4R0 closed 4 years ago
0
XSS attack detection for session id in cookie

#1718 kumaranubhaw closed 4 years ago
3
Remove MIME Attribute from application/soap+xml Rule 900220

#1717 rsbrisci closed 4 years ago
18
Vulnerable Regular Expressions in 942170

#1716 DragonRegex closed 4 years ago
1
Vulnerable Regular Expressions in 942200

#1715 DragonRegex closed 4 years ago
1
Vulnerable Regular Expressions in 942260

#1714 DragonRegex closed 4 years ago
1
Vulnerable Regular Expressions in 942300

#1713 DragonRegex closed 4 years ago
1
Vulnerable Regular Expressions in 942360

#1712 DragonRegex closed 4 years ago
1
FP 942100 MySQLi rule triggered?

#1711 jeremyjpj0916 opened 4 years ago
3
Add word boundaries around values in SQL tautologies (942130)

#1710 allanrbo closed 4 years ago
6
Move tests to their own file

#1709 fgsch closed 4 years ago
1
Perf issue with regexes that start with repeating digits

#1708 allanrbo opened 4 years ago
28