Created: September 21, 2020 14:18
CVE-2020-15598: HAProxy Enterprise Unaffected Due to ModSecurity Hardening Measures!
```apache
SecRule ARGS "@rx \d" "id:1000,phase:2,deny,capture,log,msg:'Numeric payload'"
```
```
$ curl -w @format.txt -XPOST localhost:88 --data-binary @CVE.txt
<html><body><h1>403 Forbidden</h1>
Request forbidden by administrative rules.
</body></html>
time_namelookup: 0.004102
time_connect: 0.004636
time_appconnect: 0.000000
time_pretransfer: 0.004654
time_redirect: 0.000000
time_starttransfer: 1.006199
-----------------------------
time_total: 1.021561
```
```
[/] [9] This phase consists of 5 rule(s).
[/] [4] (Rule: 1000) Executing operator "Rx" with param "\d" against ARGS.
[/] [9] Target value: "12345678910111213141516171819202122232425262728293031323334353637383940414243444 (152652 characters omitted)" (Variable: ARGS:foo)
[/] [7] Added regex subexpression TX.0: 1
[/] [9] Matched vars updated.
[/] [9] Saving msg: Numeric payload
[/] [4] Rule returned 1.
[/] [9] Running action: log
[/] [9] Saving transaction to logs
[/] [4] Running (disruptive) action: deny.
```
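As an added example, not part of the gist, the following Python helper reads the two artifacts above so a test like this can be checked automatically rather than by eye: it pulls the rule id, operator, parameter, real target size, number of TX captures and disruptive action out of the ModSecurity debug log, and derives the time the WAF spent before answering from the curl timing lines. The two sample inputs are the gist's own output embedded as constants; the function names are my own.

```python
import re
# Constructed sample input: the ModSecurity debug-log lines from the gist above, without the table pipes.
DEBUG_LOG = r'''[/] [9] This phase consists of 5 rule(s).
[/] [4] (Rule: 1000) Executing operator "Rx" with param "\d" against ARGS.
[/] [9] Target value: "12345678910111213141516171819202122232425262728293031323334353637383940414243444 (152652 characters omitted)" (Variable: ARGS:foo)
[/] [7] Added regex subexpression TX.0: 1
[/] [9] Matched vars updated.
[/] [9] Saving msg: Numeric payload
[/] [4] Rule returned 1.
[/] [9] Running action: log
[/] [9] Saving transaction to logs
[/] [4] Running (disruptive) action: deny.
'''
# Constructed sample input: the `curl -w @format.txt` timing lines from the gist above.
CURL_TIMING = '''time_namelookup: 0.004102
time_connect: 0.004636
time_appconnect: 0.000000
time_pretransfer: 0.004654
time_redirect: 0.000000
time_starttransfer: 1.006199
-----------------------------
time_total: 1.021561
'''

def parse_debug_log(text):
    """Summarise one rule evaluation: which rule fired, on how much data, and what it did."""
    info = {"captures": 0, "disruptive_action": None}
    for line in text.splitlines():
        if m := re.search(r'\(Rule: (\d+)\) Executing operator "(\w+)" with param "(.*?)" against (\S+)\.', line):
            info.update(rule_id=m[1], operator=m[2], param=m[3], target=m[4])
        elif m := re.search(r'Target value: "(.*)" \(Variable: ([^)]+)\)', line):
            value, info["variable"] = m[1], m[2]
            # The engine truncates long values; add the omitted count back to recover the real size.
            om = re.search(r" \((\d+) characters omitted\)$", value)
            info["target_length"] = len(value[:om.start()]) + int(om[1]) if om else len(value)
        elif "Added regex subexpression TX." in line:
            info["captures"] += 1  # one TX.n entry per capture recorded by the engine
        elif m := re.search(r"Running \(disruptive\) action: (\w+)", line):
            info["disruptive_action"] = m[1]
    return info

def parse_curl_timing(text):
    """Turn curl's `time_*: value` lines into a dict of floats (seconds)."""
    return {k: float(v) for k, v in re.findall(r"(time_\w+): ([\d.]+)", text)}

def inspection_seconds(timing):
    """Seconds from request-ready to first response byte; with the WAF denying the
    request itself (no upstream round trip), this approximates rule-evaluation time."""
    return timing["time_starttransfer"] - timing["time_pretransfer"]
```

On the gist's data this reports a single TX capture, a deny on a 152,732-character ARGS:foo value, and roughly one second between sending the request and receiving the 403.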