Posted

After installing Revive with only denial of the ZIPped plugins, I can run Revive, but the security system of the provider, called COMODO WAF, is reporting Revive as a vulnerability to their system:

This is the report:

[Mon Oct 15 14:22:08.593756 2018] [:error] [pid 1799253:tid 140005489911552] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:(?:advertiser|campaign|affiliate|zone|channel)\\\\-edit|account\\\\-user\\\\-(?:name\\\\-language|email|password))\\\\.php$" at REQUEST_FILENAME. [file "/usr/local/cwaf/rules/32_Apps_OtherApps.conf"] [line "1387"] [id "240530"] [rev "3"] [msg "COMODO WAF: CSRF protection bypass in Revive Adserver before 3.2.2 (CVE-2015-7364)||www.bannerserver.nl|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.bannerserver.nl"] [uri "/www/admin/advertiser-edit.php"] [unique_id "W8SGcHrHq69UgJn5sExDtwAAACA"], referer: http://www.bannerserver.nl/www/admin/advertiser-edit.php 

This is popping up in the logs of my provider after I saved a new advertiser. In the browser I get a Forbidden message....

Can anybody shine his light on this?

  • 2 years later...
Posted

I'm using Plesk Server Provisioning Control panel and I was also getting the 403 error until I switched from COMODO to OWASP ModSecurity which now allows me to add users and advertisers.
 

Both COMODO and OWASP are open source programs.
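
For triaging entries like the one quoted in the first post, here is an added example (not part of the thread and not code from Revive, COMODO or OWASP) that parses ModSecurity denial lines from an Apache error log and counts blocks per rule id and URI. The sample lines are constructed in the quoted format, with a placeholder hostname and a shortened pattern.

```python
import re
from collections import Counter

# Constructed sample lines in the format of the entry quoted in the thread;
# the hostname is a placeholder and the pattern is shortened.
SAMPLE = [
    '[Mon Oct 15 14:22:08.593756 2018] [:error] [pid 1:tid 2] ModSecurity: '
    'Access denied with code 403 (phase 2). Pattern match "\\\\-edit\\\\.php$" '
    'at REQUEST_FILENAME. [file "/usr/local/cwaf/rules/32_Apps_OtherApps.conf"] '
    '[line "1387"] [id "240530"] [rev "3"] [msg "COMODO WAF: CSRF protection '
    'bypass in Revive Adserver before 3.2.2 (CVE-2015-7364)"] '
    '[severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] '
    '[hostname "ads.example.test"] [uri "/www/admin/advertiser-edit.php"]',
    '[Mon Oct 15 14:25:41.000000 2018] [:error] [pid 1:tid 2] ModSecurity: '
    'Access denied with code 403 (phase 2). Pattern match "\\\\-edit\\\\.php$" '
    'at REQUEST_FILENAME. [id "240530"] [severity "CRITICAL"] '
    '[hostname "ads.example.test"] [uri "/www/admin/campaign-edit.php"]',
    '[Mon Oct 15 14:26:00.000000 2018] [core:notice] [pid 1] AH00094: resuming',
]

KV = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')   # [key "value"] metadata
DENY = re.compile(r'ModSecurity: Access denied with code (\d{3}) \(phase (\d)\)')
MATCHED = re.compile(r'" at (\S+?)\. \[')           # variable the rule matched

def parse_modsec_line(line):
    """Return the fields of a ModSecurity denial entry, or None for other lines."""
    deny = DENY.search(line)
    if not deny:
        return None
    entry = {"status": int(deny.group(1)), "phase": int(deny.group(2)), "tags": []}
    var = MATCHED.search(line)
    entry["variable"] = var.group(1) if var else None
    for key, value in KV.findall(line):
        if key == "tag":
            entry["tags"].append(value)   # tag is the only repeated key
        else:
            entry[key] = value
    return entry

def denials_by_rule(lines):
    """Count denials per (rule id, URI) so recurring blocks stand out."""
    counts = Counter()
    for line in lines:
        entry = parse_modsec_line(line)
        if entry:
            counts[(entry.get("id"), entry.get("uri"))] += 1
    return counts
```

Calling `denials_by_rule(SAMPLE)` gives one count per blocked admin page for rule 240530, which is the information needed when asking a provider to review a rule.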
