FP: Rule 930110 - Path Traversal Attack (/../) - triggered on .. · Issue #2005 · coreruleset/coreruleset · GitHub

Closed
leroc274 opened this issue Feb 6, 2021 · 2 comments
leroc274 commented Feb 6, 2021

Description

Rule 930110 - Path Traversal Attack (/../) - triggered on .. (dot dot)

I think the rule should be triggered on

  • ../
  • /..
  • \..
  • ..\

and not on

  • ..

Audit Logs

--be180000-B--
POST /servlets/servlet/SessionExample* HTTP/1.1

--be180000-C--
dataname=..&datavalue=

--be180000-H--
Message: Warning. Pattern match "(?:^|[\/])\.\.(?:[\/]|$)" at ARGS:dataname. [file "*/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "71"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: .. found within ARGS:dataname: .."] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"]

Environment

  • CRS version: 3.3.0
  • Paranoia level setting: 1
  • ModSecurity version: 2.9.3
  • Web Server and version: Apache 2.4.41
  • Operating System and version: Windows

Confirmation

[x] I have removed any personal data (email addresses, IP addresses, passwords, domain names) from any logs posted.
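As an added illustration (not code from the issue, the reporter, or the CRS project): the pattern printed in the audit log above, applied to the ARGS value from the posted request body and to a few constructed samples, beside a tightened candidate pattern. The tightened pattern is my own assumption for this example and is not the text of PR #2016. The ModSecurity transformation chain for the rule is not reproduced here; the form body is decoded with parse_qsl only. The point the script makes visible is why the original fires: both ends of the `\.\.` accept either a separator or the string boundary, so a value that is exactly `..` satisfies `^` on the left and `$` on the right without any slash at all. The caveat a practitioner should weigh is that once the pattern requires a real separator, a parameter whose whole value is `..` and which the application later joins into a path no longer trips this rule; that is the trade-off a false-positive fix of this kind makes.

```python
import re
from urllib.parse import parse_qsl

# Pattern exactly as printed in the CRS 3.3.0 audit log for rule 930110.
# Both sides of the dot-dot accept a separator OR the string boundary, so a
# bare ".." matches: "^" on the left, "$" on the right, no slash needed.
CRS_330_PATTERN = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")

# Candidate tightened pattern (an assumption for this example, NOT the text of
# PR #2016): the dot-dot must touch a real "/" or "\" on at least one side, so
# "../", "/..", "\..", "..\" still match while a bare ".." does not.
TIGHTENED_PATTERN = re.compile(r"(?:^|[\\/])\.\.[\\/]|[\\/]\.\.(?:[\\/]|$)")

# Request body from the audit log's -C- section (the only value is "..").
REQUEST_BODY = "dataname=..&datavalue="

# Constructed samples: the reporter's four "should trigger" shapes, two longer
# traversal strings, the reported false positive, and benign values that
# contain two dots without being a traversal.
SAMPLES = [
    "../", "/..", "\\..", "..\\",            # should trigger
    "../../etc/passwd", "foo\\..\\bar",      # should trigger
    "..",                                    # the reported false positive
    "a..b", "1..10", "file..txt",            # benign, must not trigger
]


def scan_args(body: str, pattern: re.Pattern) -> list[str]:
    """Mimic the ARGS target: decode the form body and return the names of the
    parameters whose value matches `pattern`.  No ModSecurity transformations
    (e.g. urlDecodeUni) are applied beyond what parse_qsl itself does."""
    return [name for name, value in parse_qsl(body, keep_blank_values=True)
            if pattern.search(value)]


def classify(values, pattern: re.Pattern) -> dict[str, bool]:
    """Map each sample value to whether `pattern` would fire on it."""
    return {v: pattern.search(v) is not None for v in values}


if __name__ == "__main__":
    for label, pat in (("CRS 3.3.0", CRS_330_PATTERN), ("tightened", TIGHTENED_PATTERN)):
        print(f"{label}: ARGS hits in audit-log body -> {scan_args(REQUEST_BODY, pat)}")
        for value, hit in classify(SAMPLES, pat).items():
            print(f"  {value!r:22} {'MATCH' if hit else '-'}")
```

Running it shows the audit-log body producing a hit on `dataname` under the CRS 3.3.0 pattern and no hit under the tightened one, while every sample containing a slash or backslash next to the dot-dot is flagged by both. When adjusting a rule like this, keep a regression list of exactly these shapes (the four the reporter lists plus the bare `..`) as a CRS-style test so the fix does not silently drop a real traversal form.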

lifeforms commented Feb 15, 2021

Thanks for the report. I will take this issue. We will ensure that .. doesn't trigger anymore in the next release.

Note to self: add a test for the .. case.

@lifeforms

A change to fix this false positive is proposed in #2016. After review, it will be part of our next release. Thanks for reporting!
