[Modsecurity] gallery 1.5.4 false positive
Michael Shinn
mike at gotroot.com
Tue Oct 10 13:31:30 EDT 2006
Thanks for the report, yep, it's a bug. Putting out a fix now, should
have it up in a jiffy.
On Tue, 2006-10-10 at 13:40 +0200, Zekeria Oezdemir wrote:
> hello list,
>
> I get this error on Gallery v1.5.4
>
>
> [Tue Oct 10 13:30:38 2006] [error] [client x.x.x.x] mod_security: Access
> denied with code 500. Pattern match
> "\\\\.php(3|4|5)?(\\\\?|&).*=(ht|f)tps?:/.*(\\\\?|&)" at REQUEST_URI [id
> "300018"] [rev "1"] [msg "Generic PHP code injection protection"]
> [severity "CRITICAL"] [hostname "www.domain.ch"] [uri
> "/pics/do_command.php?return=http%3A%2F%2Fwww.domain.ch%2Fpics%2Fview_album.php&cmd=new-album"]
> [Tue Oct 10 13:30:52 2006] [error] [client x.x.x.x] mod_security: Access
> denied with code 500. Pattern match
> "\\\\.php(3|4|5)?(\\\\?|&).*=(ht|f)tps?:/.*(\\\\?|&)" at REQUEST_URI [id
> "300018"] [rev "1"] [msg "Generic PHP code injection protection"]
> [severity "CRITICAL"] [hostname "www.domain.ch"] [uri
> "/pics/do_command.php?return=http%3A%2F%2Fwww.domain.ch%2Fpics%2Fview_album.php&cmd=new-album"]
>
>
> it's a bug?
>
> greets
> zeki
--
Michael T. Shinn KeyID:0xDAE2EC86
Key Fingerprint: 1884 E657 A6DF DF1B BFB9 E2C5 DCC6 5297 DAE2 EC86
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xDAE2EC86
Got Root? http://www.gotroot.com
modsecurity rules: http://www.modsecurityrules.com
Troubleshooting Firewalls: http://troubleshootingfirewalls.com
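
An added example, not part of the thread or of the gotroot rule set: a triage script that replays the pattern from the quoted log entry against the logged URI, raw and URL-decoded, and reports whether any URL-valued parameter points back at the logged hostname. It assumes the runs of backslashes in the logged pattern are log escaping of a single backslash; the same-host comparison is a triage heuristic, not the fix referred to above.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed: the first log entry quoted in the thread, joined onto one line.
LOG_LINE = (
    r'[Tue Oct 10 13:30:38 2006] [error] [client x.x.x.x] mod_security: Access '
    r'denied with code 500. Pattern match '
    r'"\\\\.php(3|4|5)?(\\\\?|&).*=(ht|f)tps?:/.*(\\\\?|&)" at REQUEST_URI [id '
    r'"300018"] [rev "1"] [msg "Generic PHP code injection protection"] '
    r'[severity "CRITICAL"] [hostname "www.domain.ch"] [uri '
    r'"/pics/do_command.php?return=http%3A%2F%2Fwww.domain.ch%2Fpics%2Fview_album.php&cmd=new-album"]'
)


def field(name, line):
    """Return the value of a [name "value"] field from a mod_security log line."""
    m = re.search(r'\[%s "([^"]*)"\]' % re.escape(name), line)
    return m.group(1) if m else None


def triage(line):
    """Replay the logged pattern against the logged URI, raw and URL-decoded."""
    escaped = re.search(r'Pattern match "(.*)" at REQUEST_URI', line).group(1)
    # Assumption: each run of backslashes is log escaping of a single backslash.
    rule = re.compile(re.sub(r'\\+', lambda m: '\\', escaped))
    uri, host = field("uri", line), field("hostname", line)
    url_params = []
    for key, value in parse_qsl(urlsplit(uri).query):  # parse_qsl URL-decodes values
        target = urlsplit(value)
        if target.scheme in ("http", "https", "ftp", "ftps") and target.hostname:
            # A target on the site's own host (a return URL) suggests a false positive.
            url_params.append((key, target.hostname, target.hostname == host.lower()))
    return {
        "rule_id": field("id", line),
        "raw_hit": bool(rule.search(uri)),                # URI exactly as logged
        "decoded_hit": bool(rule.search(unquote(uri))),   # URI after URL decoding
        "url_params": url_params,
    }


if __name__ == "__main__":
    print(triage(LOG_LINE))
```

For this entry the pattern only reproduces on the decoded URI, and the single URL-valued parameter, `return`, targets the same host that served the request.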