

Author Topic: Compliance with Modsecurity + OWASP  (Read 3341 times)



Compliance with Modsecurity + OWASP
« on: November 17, 2016, 08:41:28 am »

Now OWASP 3.0 has been out since October, and the last big version was from 2013. Since OWASP 3.0 is designed to give fewer false positives, I updated my website to that release. In the previous version I had to switch off a lot of the filters that keep hackers and other bad people from trying to do bad stuff with my site.

I have run a quick test, and the only thing that cropped up in that period was that the cookie set by Coppermine could contain a "=", and that triggered a detection. Maybe there are more non-alphanumeric characters that could trigger detections, but I have not yet tested it that much because it was already late in the evening.

Information what it filters:

1. More than 16,000 specific rules, broken out into the following attack categories:
 * SQL injection
 * Cross-site Scripting (XSS)
 * Local File Include
 * Remote File Include

2. User option for application-specific rules, covering the same vulnerability classes for applications such as:
 * WordPress
 * cPanel
 * osCommerce
 * Joomla

I saw that it also covers Coppermine Gallery with 30 settings; however, I think most, if not all, of these are already fixed by the programmers in contact with users of Coppermine.

I am also using Owncloud, which triggers a lot more detections, so Coppermine is very clean in the eyes of OWASP.

Some links:
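The post above reports that a Coppermine cookie containing "=" tripped a rule, and leaves the other non-alphanumeric characters untested. The script below is an added example (written for this page, not code from the poster, from Coppermine, or from the OWASP Core Rule Set) that finishes that test offline: it parses a Cookie header the way a careful WAF should (splitting each pair at the first "=" only, so a value such as base64 padding keeps its trailing "="), runs a constructed stand-in rule over every punctuation character, and reports which ones get flagged. The stand-in rule, its allowed-character alphabet, the cookie names `cpg_probe` and `session`, and the `blocked_by_server` helper are all assumptions for illustration; the real CRS rule and its id are not reproduced here, so use the live probe against your own site to see what your actual rule set does.

```python
"""Probe which cookie-value characters trip a ModSecurity-style restricted-
character rule.  Added example; the rule below is a simplified stand-in that
reproduces the symptom reported on the page ('=' inside a cookie value is
flagged), not the real OWASP CRS rule."""
import string
import urllib.error
import urllib.request
from typing import Callable, Dict, List

# Constructed allow-list for cookie VALUES.  Assumption: letters, digits and a
# few safe punctuation characters pass; everything else (including '=') is
# treated as suspicious, which is what the poster observed.
ALLOWED_VALUE_CHARS = frozenset(string.ascii_letters + string.digits + "-_.~%:/+")

MALFORMED = "<malformed>"  # marker for a fragment with no '=' at all


def parse_cookie_header(header: str) -> Dict[str, str]:
    """Split 'a=1; b=2' into {name: value}.

    Each pair is split at the FIRST '=' only, so a value that itself contains
    '=' (e.g. base64 padding) is kept intact instead of producing a bogus
    extra cookie.  Fragments without any '=' are collected under MALFORMED.
    """
    cookies: Dict[str, str] = {}
    for pair in header.split(";"):
        pair = pair.strip()
        if not pair:
            continue
        name, sep, value = pair.partition("=")
        if not sep:
            cookies[MALFORMED] = cookies.get(MALFORMED, "") + pair
            continue
        cookies[name.strip()] = value
    return cookies


def stand_in_rule(header: str) -> List[str]:
    """Return the names of cookies the stand-in rule would flag."""
    flagged: List[str] = []
    for name, value in parse_cookie_header(header).items():
        if name == MALFORMED or any(c not in ALLOWED_VALUE_CHARS for c in value):
            flagged.append(name)
    return flagged


def blocked_by_stand_in(header: str) -> bool:
    """Adapter: True when the offline stand-in rule flags anything."""
    return bool(stand_in_rule(header))


def blocked_by_server(url: str) -> Callable[[str], bool]:
    """Build a live probe that sends the Cookie header to a real site.

    Assumption: the WAF answers HTTP 403 on a rule hit.  Only point this at a
    site you own; it is not used by the offline run below.
    """
    def probe(header: str) -> bool:
        req = urllib.request.Request(url, headers={"Cookie": header})
        try:
            with urllib.request.urlopen(req, timeout=10):
                return False  # 2xx/3xx: request got through
        except urllib.error.HTTPError as err:
            return err.code == 403
    return probe


def probe_characters(is_blocked: Callable[[str], bool],
                     chars: str = string.punctuation) -> Dict[str, bool]:
    """For each character, craft a cookie whose value contains it and ask the
    given checker whether the request would be blocked."""
    results: Dict[str, bool] = {}
    for c in chars:
        # Constructed cookie names; 'session' stays clean as a control.
        header = f"cpg_probe=abc{c}def; session=ok123"
        results[c] = is_blocked(header)
    return results


if __name__ == "__main__":
    hits = probe_characters(blocked_by_stand_in)
    print("flagged:", "".join(c for c, blocked in hits.items() if blocked))
    print("passed: ", "".join(c for c, blocked in hits.items() if not blocked))
    # For a live test:  hits = probe_characters(blocked_by_server("https://example.invalid/"))
```

Note that ";" is reported as flagged for a different reason than "=": it splits the pair and leaves a fragment with no "=", which the parser records as malformed. Keep that distinction in mind when deciding which characters a cookie value may legitimately carry before relaxing a rule.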