Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

False positives - PrestaShop 1.7.7.3

See original GitHub issue

Description

I’m trying to save product in PrestaShop 1.7.7.3. I am receiving error 403 and several false positives in log file.

Audit Logs / Triggered Rule Numbers

Apache-Error: [file "apache2_util.c"] [line 273] [level 3] [client 46.29.20.225] ModSecurity: Rule 7f0f9b3b2bc0 [id "932150"][file "/etc/apache2/modsecurity-crs/coreruleset-3.3.1-rc1/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "463"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "domain.com"] [uri "/adminXXX/index.php/sell/catalog/products/206"] [unique_id "YHa1hxtUeu@2oJrdNR6ohQAAAAM"]

Apache-Error: [file "apache2_util.c"] [line 273] [level 3] [client 46.29.20.225] ModSecurity: Rule 7f0f9b3b2bc0 [id "932150"][file "/etc/apache2/modsecurity-crs/coreruleset-3.3.1-rc1/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "463"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "domain.com"] [uri "/adminXXX/index.php/sell/catalog/products/206"] [unique_id "YHa1hxtUeu@2oJrdNR6ohQAAAAM"]

Apache-Error: [file "apache2_util.c"] [line 273] [level 3] [client 46.29.20.225] ModSecurity: Rule 7f0f9bc98608 [id "941160"][file "/etc/apache2/modsecurity-crs/coreruleset-3.3.1-rc1/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "199"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "domain.com"] [uri "/adminXXX/index.php/sell/catalog/products/206"] [unique_id "YHa1hxtUeu@2oJrdNR6ohQAAAAM"]

Apache-Error: [file "apache2_util.c"] [line 273] [level 3] [client 46.29.20.225] ModSecurity: Rule 7f0f9bc71920 [id "941200"][file "/etc/apache2/modsecurity-crs/coreruleset-3.3.1-rc1/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "299"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "domain.com"] [uri "/adminXXX/index.php/sell/catalog/products/206"] [unique_id "YHa1hxtUeu@2oJrdNR6ohQAAAAM"] Apache-Error: [file "apache2_util.c"] [line 273] [level 3] [client 46.29.20.225] ModSecurity: Warning. Pattern match "\\\\\\\\xbc[^\\\\\\\\xbe>]*[\\\\\\\\xbe>]|<[^\\\\\\\\xbe]*\\\\\\\\xbe" at ARGS:form[step1][description][1]. [file "/etc/apache2/modsecurity-crs/coreruleset-3.3.1-rc1/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "546"] [id "941310"] [msg "US-ASCII Malformed Encoding XSS Filter - Attack Detected"] [data "Matched Data: XXX"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.1"] [tag "application-multi"] [tag "language-multi"] [tag "platform-tomcat"] [tag "attack-xss"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152 [hostname "domain.com"] [uri "/adminXXX/index.php/sell/catalog/products/206"] [unique_id "YHa1hxtUeu@2oJrdNR6ohQAAAAM"]

Apache-Error: [file "apache2_util.c"] [line 273] [level 3] [client 46.29.20.225] ModSecurity: Rule 7f0f9bc48e98 [id "941350"][file "/etc/apache2/modsecurity-crs/coreruleset-3.3.1-rc1/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "573"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "domain.com"] [uri "/adminXXX/index.php/sell/catalog/products/206"] [unique_id "YHa1hxtUeu@2oJrdNR6ohQAAAAM"]

Apache-Error: [file "apache2_util.c"] [line 273] [level 3] [client 46.29.20.225] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/modsecurity-crs/coreruleset-3.3.1-rc1/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "152"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.1"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "domain.com"] [uri "/adminXXX/index.php/sell/catalog/products/206"] [unique_id "YHa1hxtUeu@2oJrdNR6ohQAAAAM"]

Apache-Error: [file "apache2_util.c"] [line 273] [level 3] [client 46.29.20.225] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/modsecurity-crs/coreruleset-3.3.1-rc1/rules/RESPONSE-980-CORRELATION.conf"] [line "91"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.1"] [tag "event-correlation"] [hostname "domain.com"] [uri "/adminXXX/index.php/sell/catalog/products/206"] [unique_id "YHa1hxtUeu@2oJrdNR6ohQAAAAM"]

Your Environment

  • CRS version (e.g., v3.2.0): v3.3.1-rc1 (same on v3.3.0)
  • Paranoia level setting: 1
  • ModSecurity version (e.g., 2.9.3): 2.9.3
  • Web Server and version (e.g., apache 2.4.41): Apache/2.4.38 (Debian)
  • Operating System and version: Debian 10

Confirmation

[X] I have removed any personal data (email addresses, IP addresses, passwords, domain names) from any logs posted.

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Comments:19 (10 by maintainers)

github_iconTop GitHub Comments

3reactions
szymonkrygiercommented, Apr 15, 2021

You are welcome 😃

@azurit it would be great oppurtunity for me to test your exclusion rules for PrestaShop. 😃

I will contact you when it’s ready for testing.

Contact me whenever you ready!

Can we close this issue?

Sure. Thank you once again!

0reactions
azuritcommented, Apr 15, 2021

You are welcome 😃

@azurit it would be great oppurtunity for me to test your exclusion rules for PrestaShop. 😃

I will contact you when it’s ready for testing.

Can we close this issue?

Read more comments on GitHub >

github_iconTop Results From Across the Web

Rework of the E2E test suite run by Travis #14497 - GitHub
Travis runs some E2E tests using Selenium. We've had multiple issues over time with this test suite: false positives, random failures, bad test ......
Read more >
Upgrade from 1.7.6.5 to 1.7.7.3 Failed - PrestaShop
I downloaded a full version of 1.7.7.3 and uploaded it as per instructions ... of Cart::getProducts($refresh = false, $id_product = false, ...
Read more >
PrestaShop - Installatron
Installatron for PrestaShop is a one-click solution to install and manage PrestaShop websites. Deploy a free PrestaShop store instantly and ...
Read more >
PrestaShop Attribute Wizard Pro Module - Presto-Changeo
Our most popular and highly rated module, now with support for connected attributes, lets you create an unlimited number of attributes per product...
Read more >
PrestaShop Version 1.7.7.0 now available for testing
Beta version for PrestaShop 1.7.7.0 is now ready to be tested. Improvements in technical, core module, seo & user experience in PrestaShop Version...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

brotli compression - false positive

Next page

Rule Id: 932150 false positive on time keyword