This repository has been archived by the owner on May 14, 2020. It is now read-only.
Type of Issue
False positive
Description
Issue with WordPress Jetpack plugin
Audit Logs / Triggered Rule Numbers
--a8dd7334-A--
[11/Apr/2020:15:19:23 +0300] XpG1y2B9vAtGdcg7i3j4AAAAEE 192.0.101.214 1088 123.123.123.123 443
--a8dd7334-B--
POST /?for=jetpack&jetpack=comms&token=&timestamp=&nonce=&body-hash=&signature=%3D HTTP/1.1
Host: www.domain.com
User-Agent: Jetpack by WordPress.com
Accept: */*
Accept-Encoding: deflate, gzip
Referer: https://www.domain.com/?for=jetpack&jetpack=comms&token=&timestamp=&nonce=&body-hash=
Authorization: X_JETPACK token="" timestamp="" nonce="" body-hash="=" signature="="
Connection: close
Content-Length: 114
Content-Type: application/x-www-form-urlencoded
--a8dd7334-C--
jetpack.testConnection
--a8dd7334-F--
HTTP/1.1 403 Forbidden
X-Powered-By: PHP/7.3.16
Cache-Control: no-cache
Content-Encoding: gzip
Vary: User-Agent
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
--a8dd7334-H--
Message: Warning. detected XSS using libinjection. [file "/etc/httpd/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "60"] [id "941100"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: XSS data found within ARGS_NAMES:<?xml version: <?xml version"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"]
Message: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/httpd/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"]
Message: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/httpd/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"]
Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 192.0.101.214] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/httpd/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "60"] [id "941100"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: XSS data found within ARGS_NAMES:<?xml version: <?xml version"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.domain.com"] [uri "/"] [unique_id "XpG1y2B9vAtGdcg7i3Yj4AAAAEE"]
Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 192.0.101.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/httpd/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.domain.com"] [uri "/"] [unique_id "XpG1y2B9vAtGdcg7i3Yj4AAAAEE"]
Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 192.0.101.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/httpd/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "www.domain.com"] [uri "/index.php"] [unique_id "XpG1y2B9vAtGdcg7i3Yj4AAAAEE"]
Action: Intercepted (phase 2)
Apache-Handler: proxy:fcgi://php-fpm
Stopwatch: 1586607563182272 11167 (- - -)
Stopwatch2: 1586607563182272 11167; combined=3345, p1=553, p2=2622, p3=0, p4=0, p5=170, sr=70, sw=0, l=0, gc=0
Producer: ModSecurity for Apache/2.9.2 (http://www.modsecurity.org/); OWASP_CRS/3.2.0.
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
Engine-Mode: "ENABLED"
--a8dd7334-Z--
Your Environment
Confirmation
[X] I have removed any personal data (email addresses, IP addresses,
passwords, domain names) from any logs posted.