[Tickets #5696] Re: https login problem
bugs at bugs.horde.org
bugs at bugs.horde.org
Thu Sep 6 03:59:47 UTC 2007
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/?id=5696
-----------------------------------------------------------------------
Ticket | 5696
Updated By | Matt Selsky <selsky at columbia.edu>
Summary | https login problem
Queue | Horde Base
Version | 3.2-ALPHA
Type | Bug
State | Feedback
Priority | 2. Medium
Owners | Chuck Hagenbuch
-----------------------------------------------------------------------
Matt Selsky <selsky at columbia.edu> (2007-09-05 20:59) wrote:
Here are the relevant rules from modsecurity:
SecRule RESPONSE_BODY
"(?:\b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_st\
art|candir)|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open)|\$_(?:(?:pos|ge)t|session))\b"
\
"ctl:auditLogParts=+E,log,auditlog,msg:'PHP source code
leakage',,id:'970015',severity:'4'"
SecRule RESPONSE_BODY "<\?(?!xml)" \
"chain,ctl:auditLogParts=+E,log,auditlog,msg:'PHP source code
leakage',,id:'970902',severity:'4'"
More information about the bugs
mailing list