Summary: CVE-2007-1359: mod_security <= 2.1.0 request rule bypass

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231728

------- Additional Comments From mfleming+rpm@xxxxxxxxxxxxxxxx 2007-03-11 01:16 EST -------

Folks,

I've run up some preliminary 2.1.0 RPMs for Core 5 and 6 (i386 and x86_64, no ppc or Rawhide here sorry) at http://www.enlartenment.com/modsecurity/ for those interested in giving them a test prior to me importing them into CVS.

It's a fairly serious upgrade and I want to spring as few surprises on users as I can - however if you've not tinkered too much with 1.9's config as I've shipped it you should see no problems.

I've turned on the Core Rules set (minus 2 dodgy sets Ivan is aware of) and added the above rule to a local set to ideally fix the reported vulnerability.

The server they're hosted on is also running this version and ruleset as a proof-of-concept / eat-my-own-dogfood demonstration.

Any feedback appreciated.

--
Fedora-security-list mailing list
Fedora-security-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-security-list