8000 Rule 933150 Has False Positive for URLs · Issue #3641 · coreruleset/coreruleset · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
Rule 933150 Has False Positive for URLs #3641
New issue
New issue
Closed
#3840
< 7A93 svg focusable="false" aria-label="Issue" class="octicon octicon-issue-closed Octicon-sc-9kayk9-0 hTWZgt" role="img" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" display="inline-block" overflow="visible" style="vertical-align:text-bottom">Closed
Rule 933150 Has False Positive for URLs#3641
#3840
Labels
➕ False Positive
@ssigwart

Description

@ssigwart
ssigwart
opened on Apr 2, 2024

Description

The PHP printf rule is triggering issues on URLs like "SprintForTheCause".

How to reproduce the misbehavior (-> curl call)

curl -H "x-format-output: txt-matched-rules" https://sandbox.coreruleset.org/SprintForTheCause
933150 PL1 PHP Injection Attack: High-Risk PHP Function Name Found
949110 PL1 Inbound Anomaly Score Exceeded (Total Score: 5)
980170 PL1 Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=5) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=4) - (SQLI=0, XSS=0, RFI=0, LFI=0, RCE=0, PHPI=5, HTTP=0, SESS=0, COMBINED_SCORE=5)

Confirmation

  • I have removed any personal data (email addresses, IP addresses,
    passwords, domain names) from any logs posted.

Metadata

Metadata

Assignees

No one assigned

    Labels

    ➕ False Positive

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions
      0