Secure email gateways and end users alike are being fooled by a cyberattack campaign whose volume is skyrocketing against businesses in every industry, globally.
A firewall wake-up call.
Jon Williams of Bishop Fox presents the firm's research, "It's 2024 and Over 178,000 SonicWall Firewalls are Publicly Exploitable." SonicWall published advisories for CVE-2022-22274 and CVE-2023-0656 a year apart after finding that NGFW series 6 and 7 devices are affected by two unauthenticated denial-of-service vulnerabilities.
The research states: "Our research found that the two issues are fundamentally the same but exploitable at different HTTP URI paths due to reuse of a vulnerable code pattern." When Bishop Fox scanned SonicWall firewalls with management interfaces exposed to the internet, they found that 76% are vulnerable to one or both issues.
The CyberWire
Cisco Unveils AI-Native Enterprise Security Solution Hypershield
Cisco announces Hypershield, an AI-native and cloud-native enterprise security solution with a wide range of capabilities.
The post Cisco Unveils AI-Native Enterprise Security Solution Hypershield appeared first on SecurityWeek.
SecurityWeek RSS Feed
ModSecurity WAF Flaw Let Hackers Trigger DoS Attack
Trustwave's open-source Web Application Firewall (WAF) engine, ModSecurity, faces a denial-of-service risk from a vulnerability in four of its transformation actions.
Cybersecurity researchers at Trustwave identified the flaw and reported it to the ModSecurity team. The vulnerability is tracked as CVE-2023-38285.
The ModSecurity team fixed the flaw in release v3.0.10; ModSecurity v2 is not affected.
ModSecurity offers numerous transformation actions that normalize a value's representation before rule matching, which simplifies processing and reduces the risk of rule evasion.
Detection Alert
The ModSecurity team was notified of the DoS issue in v3. The impacted transformations are:
removeWhitespace
removeNull
replaceNull
removeCommentsChar
Though functionally correct, the impacted transformations had poor worst-case performance, which a maliciously crafted HTTP request can trigger.
To limit the delay, configure common settings such as SecRequestBodyNoFilesLimit with the recommended default value of 131072 from modsecurity.conf-recommended.
Even with that limit in place, a dozen or more executions of an affected transformation can still add several seconds of delay per HTTP transaction.
Beyond that, a large volume of simultaneous malicious requests could overwhelm the web server and delay its responses to legitimate requests.
Recommendation
If an immediate upgrade is impractical, alternative mitigations exist for affected installations. Because of the nature of the issue, a few large values consume far more resources than many small ones.
Add a separate ModSecurity rule that restricts the size of values passed to the transformations, so that legitimate content of normal size is still processed unaffected.
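The following configuration is an added illustration of that mitigation; it is not from the article or from the ModSecurity project. It combines the recommended body limit with a cheap size-check rule that rejects oversized arguments before any later rule applies the four affected transformations to them. The directives, operators and transformations are standard ModSecurity; the rule id 1000001 and the 4096-byte threshold are assumptions to be tuned for your own traffic.

```apache
# Added example (not part of the original article or ModSecurity itself):
# bound the input that reaches removeWhitespace, removeNull, replaceNull
# and removeCommentsChar on a v3 deployment that cannot move to 3.0.10 yet.

# Cap non-file request bodies at the value recommended in
# modsecurity.conf-recommended and reject anything larger outright.
SecRequestBodyAccess On
SecRequestBodyNoFilesLimit 131072
SecRequestBodyLimitAction Reject

# Reject any single argument name or value longer than the threshold.
# t:length replaces the value with its length, so this rule itself never
# runs one of the affected transformations. Keep it ahead of any rule set
# (for example the OWASP CRS) that does apply them.
# Rule id and 4096-byte threshold are assumed values; adjust to your traffic.
SecRule ARGS|ARGS_NAMES "@gt 4096" \
    "id:1000001,\
    phase:2,\
    t:none,t:length,\
    deny,status:413,\
    log,\
    msg:'Argument exceeds size limit; rejected before costly transformations',\
    tag:'CVE-2023-38285'"
```

The rule runs in phase 2 so that it also covers POST parameters, which requires SecRequestBodyAccess On. If the affected transformations are applied to other inputs in your rule set, extend the variable list (for example REQUEST_COOKIES or REQUEST_HEADERS) with the same t:length check, and confirm from the audit log that legitimate requests stay below the chosen threshold before enforcing it.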
The post ModSecurity WAF Flaw Let Hackers Trigger DoS Attack appeared first on Cyber Security News.
Cyber Security News