Hello,
Does the ruleset protect against CVE-2014-5266 ?
If yes, since which version ?
Thank you.
Hello,
Does the ruleset protect against CVE-2014-5266 ?
If yes, since which version ?
Thank you.
This is “XML Quadratic Blowup Attack”. It is covered by rules v.1.17 for Apache (latest at this moment).
Thank you, its a very serious exploit and it needs to be covered.
I am updating to the newest ruleset now