=== relates to: S4784

=== supercedes: S4784

=== on 4 May 2018, 11:38:29 Dinesh Bolkensteyn wrote:
The next step is to identify hard-coded regex that are vulnerable, against which externally-provided strings will be matched.


This should enable us to detect CVE-2015-2526, see \http://blog.malerisch.net/2015/09/net-mvc-redos-denial-of-service-vulnerability-cve-2015-2526.html


With both of these rules, we'll have full coverage of the ReDoS attack.