Hi,
we released a pattern update for the Common Threat Filter rules to include rules against the shellschock vulnerability (CVE-2014-6271 and CVE-2014-7169).
Unfortunately, the pattern update mechanism for WAF was broken for 9.2. We fixed this issue with the 9.207 GA release (33116 Up2date flag not set for owaspcrs).
If you're on 9.2 and do not want to update to 9.207 you can set the flag manually.
Therefore, edit the '/etc/up2date/up2date.conf' and change the owaspcrs status to '1' in line 44, see:
[owaspcrs]
status = 1
description = Web Application Firewall Core Ruleset
Regards,
Sabine
This thread was automatically locked due to age.