Rules Updates: Changelog

[TDmitry]

New rules released
Version 0.35 - 2014.01.28
  - CVE-2013-7187
  - False positives fixed:
      Joomla
      WHMCS
      Silverstripe CMS
      Wordpress
      IP Board
      and others

[Melih]

good job guys!

[TDmitry]

New rules released
Version 0.36 - 2014.02.04
  - CVE-2013-7002
  - categories support
  - small fixes

[designcentre]

With the new rules update I've seen the PCRE error appear again

Rule 7f0a958 [id "220020"][file "/var/cpanel/cwaf/rules/cwaf_05.conf"][line "56"] - Execution error - PCRE limits exceeded (-8): (null).

Reverting the rules back to previous version stops the PCRE errors

[designcentre]

Note on reverting back to previous rules and restarting httpd cause apache to fail to start no matter what was tried. Uninstalling CWAF resolved the problem and apache restarted. Going to reload & see what happens with new version & rules...

***edit***

Reinstalled complete new version, and now the PCRE errors have disappeared again

[chuvadenovembro]

Reinstalled complete new version, and now the PCRE errors have disappeared again

Me too

EDIT: I had not updated the rules, the problem still persists: (

[TDmitry]

New rules released
Version 0.37 - 2014.02.11
  - CVE-2012-6621
  - CVE-2014-1206
  - CVE-2014-1683
  - CVE-2014-1610

[TDmitry]

New rules released
Version 0.38 - 2014.02.18
  - CVE-2014-1619
  - CVE-2014-0793
  - CVE-2014-0794

[TDmitry]

New rules released
Version 0.39 - 2014.02.25
  - CVE-2014-0010
  - CVE-2013-1852
  - CVE-2012-6628

Version 0.40 - 2014.02.26
  - CVE-2012-6628 hotfix

Version 0.41 - 2014.03.04
  - CVE-2013-1466
  - CVE-2013-3933
  - CVE-2013-3639

Version 0.42 - 2014.03.11
  - CVE-2014-1914
  - CVE-2013-7319
  - CVE-2013-7326

Version 0.43 - 2014.03.12
  - CVE-2012-6628 hotfix

Version 0.44 - 2014.03.18
  - CVE-2013-5983
  - CVE-2014-1403

Version 0.45 - 2014.03.25
  - CVE-2014-1401
  - CVE-2014-1459
  - CVE-2012-6625
  - CVE-2012-6622
  - CVE-2012-6623

Version 0.46 - 2014.04.01
  - CVE-2012-6624
  - CVE-2014-1879

Version 0.47 - 2014.04.08
  - CVE-2014-1915

Version 0.48 - 2014.04.15
  - CVE-2014-1907
  - CVE-2013-1759
  - CVE-2013-3478
  - CVE-2013-5953

Version 1.00-1.03 - 2014-04-29
  - Completely new rules set

Version 1.04-1.08 - 2014-05-06
  - False positives fixed

Version 1.09 - 2014-05-12
  - CVE-2013-7334
  - CVE-2014-1945
  - False positives fixed

Version 1.10 - 2014-05-20
  - CVE-2014-2088
  - CVE-2014-2089
  - CVE-2014-2090
  - False positives fixed

Version 1.11 - 2014.05.27
  - CVE-2013-1409
  - CVE-2013-5952
  - CVE-2014-2219
  - CVE-2014-2091
  - False positives fixed

Version 1.12 - 2014.06.03
 - CVE-2014-1944
 - CVE-2013-3961
 - CVE-2014-0334
 - False positives fixed

Version 1.13 - 2014.06.12
 - CVE-2014-2316
 - CVE-2014-2092
 - CVE-2014-3246
 - Bruteforce protection (disabled by default)
 - User defined white list of User-Agents
 - False positives fixed

Version 1.14 - 2014.07.02
 - CVE-2014-3246
 - CVE-2014-3247
 - CVE-2014-2040
 - CVE-2014-1906
 - CVE-2013-1758
 - CVE-2014-2317
 - CVE-2014-2315
 - CVE-2013-2754
 - Bruteforce protection
 - Userdata whitelists

Version 1.15 - 2014.07.23
 - CVE-2013-5955
 - CVE-2014-2280
 - CVE-2014-1840
 - CVE-2014-2211
 - CVE-2014-2024
 - CVE-2014-1877
 - CVE-2012-1563
 - CVE-2014-2245

Version 1.16 - 2014.07.29
 - Bruteforce protection update
 - CVE-2013-0734

Version 1.17 - 2014.08.19
 - CVE-2013-5640
 - CVE-2013-5639
 - CVE-2013-2695
 - CVE-2013-2694
 - CVE-2013-2559
 - CVE-2014-1401 updated
 - XML quadratic blowup attack
 - userdata_bl_agents

[TDmitry]

Version 1.18 - 2014.09.10
 - Removed few XSS FPs
 - Performance optimization
 - Slowloris HTTP protection
 - CVE-2014-5266
 - CVE-2013-7346
 - CVE-2013-4430
 - CVE-2014-3123
 - CVE-2014-3783
 - CVE-2012-6644
 - CVE-2012-6642
 - CVE-2012-6643
 - userdata_login_pages
 - Joomla extra rule

[TDmitry]

Version 1.19 - 2014.10.01
 - CVE-2014-2708
 - CVE-2014-2579
 - CVE-2014-2340
 - CVE-2014-3845
 - CVE-2013-2107
 - CVE-2013-2705
 - CVE-2013-2700
 - CVE-2014-3870
 - CVE-2013-7375
 - CVE-2014-1613

[TDmitry]

Version 1.20 - 2014.10.21
 - CVE-2014-3843
 - CVE-2014-3210
 - CVE-2014-4513
 - CVE-2014-4515
 - CVE-2014-4518
Shellshock:
 - CVE-2014-6271
 - CVE-2014-6277
 - CVE-2014-6278
 - CVE-2014-7169
 - CVE-2014-7186
 - СVE-2014-7187

[TDmitry]

Version 1.21 - 2014.11.12
 - CVE-2013-4380
 - CVE-2014-3453
 - CVE-2013-1803
 - CVE-2014-4194
 - CVE-2014-4195
 - CVE-2014-4520
 - CVE-2014-5108
 - Extra Joomla protection rule
 - Extra Wordpress protection rule

[EricJH]

Version 1.23 - 2014.12.29

This version contains new improved structure of categories and rules groups.

All current excludes will be automatically migrated to the new structure during update.

This rule set required client version 2.1.1 and higher.

[TDmitry]

Version 1.22 - 2014.12.29
 - CVE-2014-4853
 - CVE-2014-3992
 - CVE-2014-3991
 - CVE-2014-4528
 - CVE-2013-1407
 - CVE-2014-2558
 - CVE-2012-4915
 - CVE-2014-3921
 - CVE-2014-4846
 - CVE-2014-4847
 - CVE-2014-4848
 - CVE-2014-4938
 - CVE-2014-4541
 - CVE-2014-3777
 - CVE-2014-3920
 - CVE-2014-4955
 - CVE-2014-4531
 - CVE-2014-4532
 - CVE-2014-4854
 - CVE-2014-4845
 - CVE-2014-4937
 - CVE-2014-4850
 - CVE-2014-3544
 - CVE-2014-3549
 - CVE-2014-4568
 - CVE-2014-4589
 - CVE-2014-4960
 - Fixed WHMCS falses
 - some performance modifications