Willem Luijk Posted October 15, 2018 Report Posted October 15, 2018 After installing Revive with only denial of the ZIPped plugins, i can run Revive but the security system of the provider called COMODO WAF is reporting Revive as a vulnerability to their system: This is the report: [Mon Oct 15 14:22:08.593756 2018] [:error] [pid 1799253:tid 140005489911552] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:(?:advertiser|campaign|affiliate|zone|channel)\\\\-edit|account\\\\-user\\\\-(?:name\\\\-language|email|password))\\\\.php$" at REQUEST_FILENAME. [file "/usr/local/cwaf/rules/32_Apps_OtherApps.conf"] [line "1387"] [id "240530"] [rev "3"] [msg "COMODO WAF: CSRF protection bypass in Revive Adserver before 3.2.2 (CVE-2015-7364)||www.bannerserver.nl|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.bannerserver.nl"] [uri "/www/admin/advertiser-edit.php"] [unique_id "W8SGcHrHq69UgJn5sExDtwAAACA"], referer: http://www.bannerserver.nl/www/admin/advertiser-edit.php This is popping up at the logs of my provider after i saved a new advertiser. At the browse i get a Forbidden message.... Can anybody shine his light on this? Quote
Ian Posted October 15, 2018 Report Posted October 15, 2018 Seems indeed your hosting provider blocks it. Quote
440music Posted September 19, 2021 Report Posted September 19, 2021 I'm using Plesk Server Provisioning Control panel and I was also getting the 403 error until I switched from COMODO to OWASP ModSecurity which now allows me to add users and advertisers. Both COMODO AND OWASP are OpenSource programs Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.