
OWASP CRS (Core Rule Set) version 4.18.0 has been released, featuring enhanced security features and threat detection capabilities. The update adds detections for malicious attacks on web applications protected by ModSecurity or similar web application firewalls, including SSH command detection, and adds support for the 'application/reports+json' content-type header. Fixes remove unnecessary patterns, prevent false positives, and improve overall accuracy.



OWASP CRS 4.18.0 released with enhanced security features

A significant update to the OWASP (Open Web Application Security Project) CRS (Core Rule Set) has been announced. CRS is a comprehensive set of rules designed for detecting malicious attacks on web applications protected by ModSecurity or similar web application firewalls.

Key Enhancements in Version 4.18.0:
  1. New Features and Detections: This update includes several new features and detections to improve the security posture of web applications.
    • The addition of support for 'application/reports+json' content-type headers, which enables more effective detection of potential threats.
    • Updates to the list of Unix commands, enhancing the CRS's ability to identify malicious activities.
    • The inclusion of SSH command detection, allowing the system to identify and prevent unauthorized access attempts.
    • The development of new rules for detecting 'rmt' and 'rmt-tar' attacks, which target web applications through remote file transfers.
  2. Other Changes:
    • The introduction of product name tags, enabling more precise identification of specific products and applications.
    • Fixes to remove unnecessary patterns, such as '.*' (dot star), which could cause false positives or performance issues.
    • Modifications to avoid matching non-Ruby error messages and source code, so that the system accurately identifies malicious activity while minimizing false alarms.
    • Adjustments to prevent replacement of command-line suffixes for specific IDs, maintaining the accuracy of threat detection.

Upgrade to Enhance Web Application Security:

To take advantage of the enhanced security features in OWASP CRS version 4.18.0, web application administrators and developers are advised to upgrade their systems as soon as possible. This update will help protect against emerging threats and ensure a more secure online experience for users.

Coreruleset Release v4.18.0

What's Changed
New features and detections
    • feat: add application/reports+json content-type header by @Xhoenix in #4230
    • feat: update unix commands list by @EsadCetiner in #4215
    • feat: added ssh ...

Release v4.18.0 · coreruleset/coreruleset