Update OWASP CRS rules to v4.24.1

Automated update via update-feed.sh
CRS version: v4.24.1
Rules extracted: 180
2026-03-09 22:45:01 +00:00
parent 4e6fe3a7fb
commit 09a7c79e17


@@ -1,5 +1,5 @@
{
"build_datetime": "2026-03-08T16:29:52Z",
"build_datetime": "2026-03-09T22:45:00Z",
"owasp_top_10": {
"version": "2025",
"url": "https://owasp.org/Top10/2025/",
@@ -107,9 +107,9 @@
{
"id": "crs-protocol-enforcement",
"name": "CRS Protocol Enforcement",
"version": "4.24.0",
"version": "4.24.1",
"source": "owasp-crs",
"description": "OWASP CRS v4.24.0 — CRS Protocol Enforcement (12 rules)",
"description": "OWASP CRS v4.24.1 — CRS Protocol Enforcement (12 rules)",
"author": "OWASP CRS Project",
"priority": 15,
"enabled": true,
@@ -359,9 +359,9 @@
{
"id": "crs-protocol-attack",
"name": "CRS Protocol Attack (HTTP Smuggling)",
"version": "4.24.0",
"version": "4.24.1",
"source": "owasp-crs",
"description": "OWASP CRS v4.24.0 — CRS Protocol Attack (HTTP Smuggling) (10 rules)",
"description": "OWASP CRS v4.24.1 — CRS Protocol Attack (HTTP Smuggling) (10 rules)",
"author": "OWASP CRS Project",
"priority": 5,
"enabled": true,
@@ -369,7 +369,7 @@
{
"id": "921110",
"name": "HTTP Request Smuggling Attack",
"pattern": "(?:get|post|head|options|connect|put|delete|trace|track|patch|propfind|propatch|mkcol|copy|move|lock|unlock)\\s+[^\\s]+\\s+http/\\d",
"pattern": "(?:get|p(?:(?:os|u)t|atch|rop(?:find|atch))|head|options|co(?:nnect|py)|delete|trac[ek]|m(?:kcol|ove)|(?:un)?lock)[\\s\\x0b]+[^\\s\\x0b]+[\\s\\x0b]+http/[0-9]",
"targets": [
"body",
"query"
@@ -390,7 +390,7 @@
{
"id": "921120",
"name": "HTTP Response Splitting Attack",
"pattern": "[\\r\\n]\\W*?(?:content-(?:type|length)|set-cookie|location):\\s*\\w",
"pattern": "[\\n\\r][^0-9A-Z_a-z]*?(?:content-(?:type|length)|set-cookie|location):[\\s\\x0b]*[0-9A-Z_a-z]",
"targets": [
"all"
],
@@ -470,7 +470,7 @@
{
"id": "921160",
"name": "HTTP Header Injection Attack via payload (CR/LF and header-name detected)",
"pattern": "[\\n\\r]+(?:\\s|location|refresh|(?:set-)?cookie|(?:x-)?(?:forwarded-(?:for|host|server)|host|via|remote-ip|remote-addr|originating-IP))\\s*:",
"pattern": "[\\n\\r]+(?:[\\s\\x0b]|location|re(?:fresh|mote-(?:ip|addr))|(?:set-)?cookie|forwarded-(?:(?:fo|serve)r|host)|host|via|originating-IP|x-(?:forwarded-(?:(?:fo|serve)r|host)|host|via|remote-(?:ip|addr)|originating-IP))[\\s\\x0b]*:",
"targets": [
"query"
],
@@ -571,9 +571,9 @@
{
"id": "crs-lfi",
"name": "CRS Local File Inclusion (LFI)",
"version": "4.24.0",
"version": "4.24.1",
"source": "owasp-crs",
"description": "OWASP CRS v4.24.0 — CRS Local File Inclusion (LFI) (2 rules)",
"description": "OWASP CRS v4.24.1 — CRS Local File Inclusion (LFI) (2 rules)",
"author": "OWASP CRS Project",
"priority": 5,
"enabled": true,
@@ -601,7 +601,7 @@
{
"id": "930110",
"name": "Path Traversal Attack (/../) or (/.../)",
"pattern": "(?:(?:^|[\\x5c/;])\\.{2,3}[\\x5c/;]|[\\x5c/;]\\.{2,3}[\\x5c/;])",
"pattern": "(?:^|[/;\\x5c])\\.{2,3}[/;\\x5c]",
"targets": [
"all"
],
@@ -623,9 +623,9 @@
{
"id": "crs-rfi",
"name": "CRS Remote File Inclusion (RFI)",
"version": "4.24.0",
"version": "4.24.1",
"source": "owasp-crs",
"description": "OWASP CRS v4.24.0 — CRS Remote File Inclusion (RFI) (3 rules)",
"description": "OWASP CRS v4.24.1 — CRS Remote File Inclusion (RFI) (3 rules)",
"author": "OWASP CRS Project",
"priority": 5,
"enabled": true,
@@ -697,9 +697,9 @@
{
"id": "crs-rce",
"name": "CRS Remote Code Execution (RCE)",
"version": "4.24.0",
"version": "4.24.1",
"source": "owasp-crs",
"description": "OWASP CRS v4.24.0 — CRS Remote Code Execution (RCE) (16 rules)",
"description": "OWASP CRS v4.24.1 — CRS Remote Code Execution (RCE) (16 rules)",
"author": "OWASP CRS Project",
"priority": 3,
"enabled": true,
@@ -1030,9 +1030,9 @@
{
"id": "crs-php",
"name": "CRS PHP Injection",
"version": "4.24.0",
"version": "4.24.1",
"source": "owasp-crs",
"description": "OWASP CRS v4.24.0 — CRS PHP Injection (11 rules)",
"description": "OWASP CRS v4.24.1 — CRS PHP Injection (11 rules)",
"author": "OWASP CRS Project",
"priority": 5,
"enabled": true,
@@ -1262,9 +1262,9 @@
{
"id": "crs-generic-attack",
"name": "CRS Generic Application Attack",
"version": "4.24.0",
"version": "4.24.1",
"source": "owasp-crs",
"description": "OWASP CRS v4.24.0 — CRS Generic Application Attack (5 rules)",
"description": "OWASP CRS v4.24.1 — CRS Generic Application Attack (5 rules)",
"author": "OWASP CRS Project",
"priority": 5,
"enabled": true,
@@ -1293,7 +1293,7 @@
{
"id": "934130",
"name": "JavaScript Prototype Pollution",
"pattern": "(?:__proto__|constructor\\s*(?:\\.|\\]?\\[)\\s*prototype)",
"pattern": "__proto__|constructor[\\s\\x0b]*(?:\\.|\\]?\\[)[\\s\\x0b]*prototype",
"targets": [
"all"
],
@@ -1378,9 +1378,9 @@
{
"id": "crs-xss",
"name": "CRS Cross-Site Scripting (XSS)",
"version": "4.24.0",
"version": "4.24.1",
"source": "owasp-crs",
"description": "OWASP CRS v4.24.0 — CRS Cross-Site Scripting (XSS) (24 rules)",
"description": "OWASP CRS v4.24.1 — CRS Cross-Site Scripting (XSS) (24 rules)",
"author": "OWASP CRS Project",
"priority": 5,
"enabled": true,
@@ -1528,7 +1528,7 @@
{
"id": "941190",
"name": "IE XSS Filters - Attack Detected",
"pattern": "(?i:<style.*?>.*?(?:@[i\\x5c]|(?:[:=]|&#x?0*(?:58|3A|61|3D);?).*?(?:[(\\x5c]|&#x?0*(?:40|28|92|5C);?)))",
"pattern": "(?i)<style.*?>.*?(?:@[\\x5ci]|(?:[:=]|&#x?0*(?:58|3[AD]|61);?).*?(?:[\\(\\x5c]|&#x?0*(?:40|28|92|5C);?))",
"targets": [
"all"
],
@@ -1748,7 +1748,7 @@
{
"id": "941300",
"name": "IE XSS Filters - Attack Detected",
"pattern": "(?i)<OBJECT[\\s/+].*?(?:type|codetype|classid|code|data)[\\s/+]*=",
"pattern": "(?i)<OBJECT[\\s\\x0b\\+/].*?(?:type|c(?:ode(?:type)?|lassid)|data)[\\s\\x0b\\+/]*=",
"targets": [
"all"
],
@@ -1808,7 +1808,7 @@
{
"id": "941370",
"name": "JavaScript global variable found",
"pattern": "(?:self|document|this|top|window)\\s*(?:/\\*|[\\[)]).+?(?:\\]|\\*/)",
"pattern": "(?:self|document|t(?:his|op)|window)[\\s\\x0b]*(?:/\\*|[\\)\\[]).+?(?:\\]|\\*/)",
"targets": [
"all"
],
@@ -1848,7 +1848,7 @@
{
"id": "941400",
"name": "XSS JavaScript function without parentheses",
"pattern": "((?:\\[[^\\]]*\\][^.]*\\.)|Reflect[^.]*\\.).*(?:map|sort|apply)[^.]*\\..*call[^`]*`.*`",
"pattern": "((?:\\[[^\\]]*\\]|Reflect)[^\\.]*\\.).*(?:map|sort|apply)[^\\.]*\\..*call[^`]*`.*`",
"targets": [
"all"
],
@@ -1870,9 +1870,9 @@
{
"id": "crs-sqli",
"name": "CRS SQL Injection (SQLi)",
"version": "4.24.0",
"version": "4.24.1",
"source": "owasp-crs",
"description": "OWASP CRS v4.24.0 — CRS SQL Injection (SQLi) (20 rules)",
"description": "OWASP CRS v4.24.1 — CRS SQL Injection (SQLi) (20 rules)",
"author": "OWASP CRS Project",
"priority": 3,
"enabled": true,
@@ -2060,7 +2060,7 @@
{
"id": "942250",
"name": "Detects MATCH AGAINST, MERGE and EXECUTE IMMEDIATE injections",
"pattern": "(?i:merge.*?using\\s*?\\(|execute\\s*?immediate\\s*?[\"'`]|match\\s*?[\\w(),+-]+\\s*?against\\s*?\\()",
"pattern": "(?i)m(?:erge.*?using|atch[\\s\\x0b]*?[\\(\\)\\+-\\-0-9A-Z_a-z]+[\\s\\x0b]*?against)[\\s\\x0b]*?\\(|execute[\\s\\x0b]*?immediate[\\s\\x0b]*?[\"'`]",
"targets": [
"all"
],
@@ -2282,9 +2282,9 @@
{
"id": "crs-session-fixation",
"name": "CRS Session Fixation",
"version": "4.24.0",
"version": "4.24.1",
"source": "owasp-crs",
"description": "OWASP CRS v4.24.0 — CRS Session Fixation (1 rules)",
"description": "OWASP CRS v4.24.1 — CRS Session Fixation (1 rules)",
"author": "OWASP CRS Project",
"priority": 10,
"enabled": true,
@@ -2292,7 +2292,7 @@
{
"id": "943100",
"name": "Possible Session Fixation Attack: Setting Cookie Values in HTML",
"pattern": "(?i:\\.cookie\\b.*?;\\W*?(?:expires|domain)\\W*?=|\\bhttp-equiv\\W+set-cookie\\b)",
"pattern": "(?i)\\.cookie\\b.*?;[^0-9A-Z_a-z]*?(?:expires|domain)[^0-9A-Z_a-z]*?=|\\bhttp-equiv[^0-9A-Z_a-z]+set-cookie\\b",
"targets": [
"all"
],
@@ -2314,9 +2314,9 @@
{
"id": "crs-java-attack",
"name": "CRS Java / Deserialization Attack",
"version": "4.24.0",
"version": "4.24.1",
"source": "owasp-crs",
"description": "OWASP CRS v4.24.0 — CRS Java / Deserialization Attack (3 rules)",
"description": "OWASP CRS v4.24.1 — CRS Java / Deserialization Attack (3 rules)",
"author": "OWASP CRS Project",
"priority": 3,
"enabled": true,
@@ -2386,9 +2386,9 @@
{
"id": "crs-data-leakage",
"name": "CRS Data Leakage Detection",
"version": "4.24.0",
"version": "4.24.1",
"source": "owasp-crs",
"description": "OWASP CRS v4.24.0 — CRS Data Leakage Detection (2 rules)",
"description": "OWASP CRS v4.24.1 — CRS Data Leakage Detection (2 rules)",
"author": "OWASP CRS Project",
"priority": 15,
"enabled": true,
@@ -2438,9 +2438,9 @@
{
"id": "crs-data-leakage-sql",
"name": "CRS SQL Data Leakage",
"version": "4.24.0",
"version": "4.24.1",
"source": "owasp-crs",
"description": "OWASP CRS v4.24.0 — CRS SQL Data Leakage (16 rules)",
"description": "OWASP CRS v4.24.1 — CRS SQL Data Leakage (16 rules)",
"author": "OWASP CRS Project",
"priority": 15,
"enabled": true,
@@ -2770,9 +2770,9 @@
{
"id": "crs-data-leakage-java",
"name": "CRS Java Data Leakage",
"version": "4.24.0",
"version": "4.24.1",
"source": "owasp-crs",
"description": "OWASP CRS v4.24.0 — CRS Java Data Leakage (1 rules)",
"description": "OWASP CRS v4.24.1 — CRS Java Data Leakage (1 rules)",
"author": "OWASP CRS Project",
"priority": 15,
"enabled": true,
@@ -2802,9 +2802,9 @@
{
"id": "crs-data-leakage-php",
"name": "CRS PHP Data Leakage",
"version": "4.24.0",
"version": "4.24.1",
"source": "owasp-crs",
"description": "OWASP CRS v4.24.0 — CRS PHP Data Leakage (2 rules)",
"description": "OWASP CRS v4.24.1 — CRS PHP Data Leakage (2 rules)",
"author": "OWASP CRS Project",
"priority": 15,
"enabled": true,
@@ -2854,9 +2854,9 @@
{
"id": "crs-data-leakage-iis",
"name": "CRS IIS Data Leakage",
"version": "4.24.0",
"version": "4.24.1",
"source": "owasp-crs",
"description": "OWASP CRS v4.24.0 — CRS IIS Data Leakage (2 rules)",
"description": "OWASP CRS v4.24.1 — CRS IIS Data Leakage (2 rules)",
"author": "OWASP CRS Project",
"priority": 15,
"enabled": true,
@@ -2906,9 +2906,9 @@
{
"id": "crs-web-shells",
"name": "CRS Web Shell Detection",
"version": "4.24.0",
"version": "4.24.1",
"source": "owasp-crs",
"description": "OWASP CRS v4.24.0 — CRS Web Shell Detection (23 rules)",
"description": "OWASP CRS v4.24.1 — CRS Web Shell Detection (23 rules)",
"author": "OWASP CRS Project",
"priority": 3,
"enabled": true,
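Review bot: The new patterns for 921110, 921120 and 921160 in the crs-protocol-attack hunks carry no `(?i)` flag, unlike 941190, 942250 and 943100, so they match only lower-case method and header names unless the consumer lower-cases the input before matching. Upstream CRS presumably gets case-insensitivity from a transformation attached to the rule, but no such field is visible here, and the rule objects continue outside the hunks. If the feed does not carry that transformation, a mixed-case `Set-Cookie:` or `Location:` in a payload would not trigger 921120 or 921160. Since the file is generated, the fix belongs in update-feed.sh: either emit the transformation alongside `pattern`, or prefix these three patterns with `(?i)`. 921160 also keeps the mixed-case literal `originating-IP`, which cannot match lower-cased input, so it deserves a regression case either way.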