[Modsecurity] gallery 1.5.4 false positive
Zekeria Oezdemir
zeki at zeki.ch
Tue Oct 10 07:40:45 EDT 2006
hello list,
i get this error on Gallery v1.5.4
[Tue Oct 10 13:30:38 2006] [error] [client x.x.x.x] mod_security: Access
denied with code 500. Pattern match
"\\\\.php(3|4|5)?(\\\\?|&).*=(ht|f)tps?:/.*(\\\\?|&)" at REQUEST_URI [id
"300018"] [rev "1"] [msg "Generic PHP code injection protection"]
[severity "CRITICAL"] [hostname "www.domain.ch"] [uri
"/pics/do_command.php?return=http%3A%2F%2Fwww.domain.ch%2Fpics%2Fview_album.php&cmd=new-album"]
[Tue Oct 10 13:30:52 2006] [error] [client x.x.x.x] mod_security: Access
denied with code 500. Pattern match
"\\\\.php(3|4|5)?(\\\\?|&).*=(ht|f)tps?:/.*(\\\\?|&)" at REQUEST_URI [id
"300018"] [rev "1"] [msg "Generic PHP code injection protection"]
[severity "CRITICAL"] [hostname "www.domain.ch"] [uri
"/pics/do_command.php?return=http%3A%2F%2Fwww.domain.ch%2Fpics%2Fview_album.php&cmd=new-album"]
its a bug?
greets
zeki
More information about the Modsecurity
mailing list