So far, I've been using the recommendations Red Hat made. For some reason, it
looks like they removed them from the article I saw.
I am seeing some hits in my logs, but I make no claims about how effective
these rules are.

SecRule REQUEST_HEADERS "^\(\) {" \
    "phase:1,deny,id:1000000,t:urlDecode,status:400,log,msg:'CVE-2014-6271 - Bash Attack'"

SecRule REQUEST_LINE "\(\) {" \
    "phase:1,deny,id:1000001,status:400,log,msg:'CVE-2014-6271 - Bash Attack'"

SecRule ARGS_NAMES "^\(\) {" \
    "phase:2,deny,id:1000002,t:urlDecode,t:urlDecodeUni,status:400,log,msg:'CVE-2014-6271 - Bash Attack'"

SecRule ARGS "^\(\) {" \
    "phase:2,deny,id:1000003,t:urlDecode,t:urlDecodeUni,status:400,log,msg:'CVE-2014-6271 - Bash Attack'"

SecRule FILES_NAMES "^\(\) {" \
    "phase:2,deny,id:1000004,t:urlDecode,t:urlDecodeUni,status:400,log,msg:'CVE-2014-6271 - Bash Attack'"

_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set