This file is part of the OSVDB export. You need to register for an account at www.osvdb.org<http://www.osvdb.org> and then you can download it to your servers.
There were two reasons why we didn't include it with the CRS - 1) Licensing restrictions. They want individuals to register on their site. 2) You should update this file frequently to get the latest vulns. I recommend you setup a cronjob to pull down the archive daily. These are similar issues as with the Google Safe Browsing DB where we provide an interface/rules but the user needs to update some external data. Ryan On Sep 13, 2011, at 6:46 AM, Chunde Shi <[email protected]<mailto:[email protected]>> wrote: Hello, Thanks in advance for your help. following rule conf file is referring to a file vulnerabilities.txt. it does not seems to be in the download CRS tree. Where can I get it? experimental_rules/modsecurity_crs_61_ip_forensics.conf:SecGeoLookupDb /usr/local/apache/conf/modsec_current/base_rules/GeoLiteCity.dat lua/osvdb.lua:for line in io.lines("/usr/local/apache/conf/modsec_current/base_rules/vulnerabilities.txt") do Regards, Chunde ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. _______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
