Comments (4)
Thank you for reporting. I'm more and more seeing a need to review all the content-type rules in its own little project to overhaul them all. Thanks for the contribution.
from owasp-modsecurity-crs.
I also see start-info in this multipart/related Content-Type.
And I see this is also a valid param: https://tools.ietf.org/html/rfc2387
So the full list would be: (?:boundary|charset|type|start|start-info) or (?:boundary|charset|type|start(?:-info)?).
I haven't tested that yet.
Example Request Header:
Content-Type: multipart/related; type="application/xop+xml"; boundary="uuid:a111aaa1-aa11-1a11-a11a-11a1111aa11a"; start="<[email protected]>"; start-info="application/soap+xml
And here I see more params like action: https://issues.apache.org/jira/browse/CXF-6431
Example for action:
Content-Type: application/soap+xml; action="urn:hl7-org:v3:PRPA_IN201305UV02"; charset=UTF-8
Source: https://groups.google.com/forum/#!topic/ipf-user/evT5vZb42_w
from owasp-modsecurity-crs.
I'll open a PR with the following suggestion for rule 920470:
^[\w\d\/\.\-\+]+(?:\s?;\s?(?:action|boundary|charset|type|start(?:-info)?)\s?=\s?['\"\w\d\.\-\/+<>@:]+)*$
from owasp-modsecurity-crs.
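A quick way to check a proposed 920470 regex for false positives before opening the PR is to run it over representative Content-Type values. The script below is an added example, not part of the CRS project or this thread; it copies the regex suggested above verbatim and feeds it constructed header values modelled on the MTOM and SOAP examples quoted in the thread (the boundary and Content-ID are made-up placeholders), plus a few values that expose the pattern's limits.

```python
import re

# Regex proposed in the thread for CRS rule 920470, copied verbatim.
RULE_920470_RE = re.compile(
    r"^[\w\d\/\.\-\+]+(?:\s?;\s?(?:action|boundary|charset|type|start(?:-info)?)"
    r"\s?=\s?['\"\w\d\.\-\/+<>@:]+)*$"
)


def content_type_allowed(header_value: str) -> bool:
    """Return True if the Content-Type header value passes the proposed regex."""
    return RULE_920470_RE.match(header_value) is not None


def evaluate(samples):
    """Run each (label, header value) pair through the regex; returns {label: bool}."""
    return {label: content_type_allowed(value) for label, value in samples}


# Constructed sample header values (not captured traffic).
SAMPLES = [
    ("mtom_related",
     'multipart/related; type="application/xop+xml"; '
     'boundary="uuid:00000000-0000-0000-0000-000000000000"; '
     'start="<root.message@example.invalid>"; start-info="application/soap+xml"'),
    ("soap_action",
     'application/soap+xml; action="urn:hl7-org:v3:PRPA_IN201305UV02"; charset=UTF-8'),
    ("plain_json", "application/json"),
    # Two spaces after ';': \s? permits at most one whitespace character.
    ("double_space", "application/json;  charset=utf-8"),
    # Parameter name not in the allow-list.
    ("unknown_param", "text/plain; version=1.0"),
    # RFC 2046 allows spaces inside a boundary; the value class does not.
    ("boundary_with_space", 'multipart/form-data; boundary="----WebKit Form"'),
]

if __name__ == "__main__":
    for label, ok in evaluate(SAMPLES).items():
        print(f"{label:20s} {'allowed' if ok else 'BLOCKED'}")
```

The last three samples are rejected, which is the kind of behaviour to weigh against legitimate traffic (and against tx.allowed_request_content_type) before tightening or loosening the rule.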
Not the best at fixing them but playing the role of QA and providing FP's is right up my wheelhouse, I can make small fixes 😄.
from owasp-modsecurity-crs.