OpenRASP v1.2.2 released, fixing the v8::Abort() crash and other issues

The OpenRASP project started in April 2017. Its original purpose was to provide a general-purpose security framework and to improve applications' protection against unknown vulnerabilities. The Struts2 series is a typical example of such vulnerabilities: from S2-001 through the latest S2-057, each of them is characterized by some way of altering a request so that an OGNL expression is ultimately evaluated, or a deserialization is triggered, after which the attacker obtains system-level privileges.

A RASP protection engine runs inside the application and can solve this problem. Whatever the vulnerability, its ultimate purpose is the same: executing system commands, uploading a webshell, dumping the database, and so on. So we built a security framework that does not depend on detecting attack signatures in the request; instead, when the application performs one of these key operations, it runs our own logic at that point to check whether the call is anomalous.

OpenRASP 1.2.2 fixes a number of issues: it completely resolves the v8::Abort() crash problem and fixes issues reported by the open source community.

Upgrade Instructions

Management backend

  • After the management backend upgrade is complete, you still need to run  ./rasp-cloud -upgrade 121to122 manually to update MongoDB
    • Added the  X-Protected-By: OpenRASP configuration option
    • Request body size limit set to 12KB
    • Online upgrade is supported, but do not modify the backend configuration while the upgrade is in progress

New features

General improvements

  • Completely resolved the  v8::Abort() crash problem
  • Upgraded V8 to the latest version, 7.8.279.19
  • Support hiding the  X-Protected-By: OpenRASP response header

Auto Setup

  • Support setting the heartbeat interval via the -heartbeat / --heartbeat parameter

Java version

  • Added WebSphere 7.X support. Because of IBM JDK restrictions, the file-related detection points cannot take effect there
  • When the plugin does not register the request / requestEnd detection points, the associated parameter setup is skipped to improve performance

Detection plug-in

  • Intercept command execution performed via bsh.servlet.BshServlet, e.g. CNVD-2019-32204
  • Intercept command execution performed via jdk.scripting.nashorn
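The two detection points above are a concrete instance of the approach described at the top of this page: the check does not look for attack signatures in the request, it looks at who is calling Runtime.exec. The following is an added example, not OpenRASP's own plugin code, written in the shape of an OpenRASP JavaScript detection plugin. The hook name 'command', the params fields (command, stack), the return shape ({action, message, confidence}) and the plugin registry stub are assumptions modelled on the project's plugin API; the sample call stacks are constructed, not captured from a real system.

```javascript
// Added example: a RASP-style 'command' check in the shape of an OpenRASP
// detection plugin. Not the project's code; hook/params/return names are
// assumptions modelled on OpenRASP's plugin API.

// Minimal stand-in for the registry a RASP engine exposes to plugins.
const plugin = {
  hooks: {},
  register(hook, fn) { this.hooks[hook] = fn; },
};

// Call-stack prefixes that show a script engine, not application code,
// reached Runtime.exec. Constructed list based on the detection points
// added in this release.
const SCRIPT_ENGINE_FRAMES = [
  'bsh.servlet.BshServlet',       // BeanShell servlet, e.g. CNVD-2019-32204
  'jdk.nashorn.internal.scripts', // frames of Nashorn-compiled scripts
  'jdk.nashorn.api.scripting',    // Nashorn ScriptEngine entry points
];

// Returns the first matching script-engine prefix found in the stack, or null.
function findScriptEngineFrame(stack) {
  for (const frame of stack) {
    const hit = SCRIPT_ENGINE_FRAMES.find((prefix) => frame.startsWith(prefix));
    if (hit) return hit;
  }
  return null;
}

// The detection logic proper. It never inspects the HTTP request; the
// decision is made at the key operation (command execution) from the stack.
plugin.register('command', (params, context) => {
  const hit = findScriptEngineFrame(params.stack || []);
  if (hit) {
    return {
      action: 'block',
      message: `command execution from script engine ${hit}: ${params.command}`,
      confidence: 100,
    };
  }
  return { action: 'ignore' };
});

// Simulated hook point: what the engine's Runtime.exec instrumentation would
// do before letting the real call proceed. Returns whether the command ran.
function onCommandExec(command, stack, context = {}) {
  const check = plugin.hooks.command;
  const result = check({ command, stack }, context);
  if (result.action === 'block') {
    // A real engine throws into the application and records an alert here.
    return { executed: false, alert: result.message };
  }
  return { executed: true, alert: null };
}

// Constructed sample stacks (innermost frame first).
const STACK_BSH = [
  'java.lang.Runtime.exec',
  'bsh.Reflect.invokeMethod',
  'bsh.servlet.BshServlet.evalScript',
  'bsh.servlet.BshServlet.doGet',
];
const STACK_NASHORN = [
  'java.lang.Runtime.exec',
  'jdk.nashorn.internal.scripts.Script$Recompilation$1$.:program',
  'jdk.nashorn.api.scripting.NashornScriptEngine.eval',
];
const STACK_APP = [
  'java.lang.Runtime.exec',
  'com.example.reports.PdfExporter.render',
  'javax.servlet.http.HttpServlet.service',
];

// Runs the three constructed stacks through the hook; the application's own
// exec call passes, the two script-engine paths are blocked.
function demo() {
  return {
    bsh: onCommandExec('/bin/sh -c id', STACK_BSH),
    nashorn: onCommandExec('/bin/sh -c id', STACK_NASHORN),
    app: onCommandExec('/usr/bin/wkhtmltopdf report.html', STACK_APP),
  };
}

console.log(demo());
```

The point of the stack-based check is that it is independent of how the request was crafted: a BeanShell script delivered by any future request-level bypass still has to pass through bsh.servlet.BshServlet before it reaches Runtime.exec. The caveat is the same as for any allow/deny based on stack frames: a legitimate application that intentionally runs commands from Nashorn scripts would need that path added to an allowlist, which is why real plugins also report confidence rather than only block.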

Bug fixes

Java version

  • Fixed an issue where, in some cases, the Java agent could not obtain the request body from a character stream

PHP version

  • Fixed an issue where, with  plugin.filter disabled, included  .php/.inc files were not hooked
  • For multipart requests, parameters are now extracted separately, so the request body no longer causes problems in alerts

Detection plug-in

  • Fixed a user-reported issue where the replaceAll function used too much memory
  • Fixed the xss_userinput bypass reported by @Looke

Origin www.oschina.net/news/111776/openrasp-1-2-2-released