Topic: OWASP is triggering on Roundcube login in CWP


« on: March 14, 2019, 08:39:20 PM »
Hi!

OWASP triggers on an XSS attack and blocks email sending/forwarding in Roundcube. It will work only when I disable mod_security. Please, any advice to solve this issue is welcome.

Code:
[Thu Mar 14 21:17:20.802643 2019] [:error] [pid 22926:tid 140178286909184] [client 95.90.228.143:1153] [client 95.90.228.143] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\ballowscriptaccess\\\\b|\\\\brel\\\\b\\\\W*?=" at ARGS:_message. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "304"] [id "973301"] [rev "2"] [msg "XSS Attack Detected"] [data "Matched Data: rel= found within ARGS:_message: <p>test</p>\\x0d\\x0a<div id=\\x22_rc_sig\\x22>&nbsp;</div>\\x0d\\x0a<p>&nbsp;</p>\\x0d\\x0a<p>el 2019-03-14 13:27, ;:</p>\\x0d\\x0a<blockquote><!-- html ignored --><!-- head ignored --><!-- meta ignored -->\\x0d\\x0a<div class=\\x22pre\\x22>gracias, cual es el numero del booking del cami&oacute;n y el numero del contenedor? no los encuentro en el fichero que me enviaste.<br /> <br /> <br /> j. sobota <br /> aksert <br /> t: +49 6132 977197 | f: +4..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.www.www"] [uri "/webmail/"] [unique_id "xxx"], referer: http://xxx.xxx.xxx/webmail/?_task=mail&_action=compose&_id=15578827575c8ab6cb5ce70
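The log above is a classic false positive: CRS 2.2.9 rule 973301 (the XSS check for `rel=`) matched the HTML mail body that Roundcube submits in the `ARGS:_message` parameter of a compose request under `/webmail/`. Disabling mod_security fixes the symptom but removes all protection from the server. The scoped exception below is an added example, not something posted in this thread or shipped by CWP or Roundcube; it uses ModSecurity 2.x syntax (the version that writes log lines like the one above) and stops only that one rule from inspecting that one parameter, and only for that path. The rule id 10001 is an arbitrary local id and the file location is an assumption; it must be loaded after the CRS include lines so the ctl action can refer to rule 973301.

```apache
# Added example: scoped exception for CRS rule 973301 on Roundcube compose.
# Rule 973301 ("XSS Attack Detected", pattern \brel\b\W*?=) fires on the HTML
# body that Roundcube sends in ARGS:_message. Rather than switching off
# mod_security, remove ARGS:_message from that single rule for requests
# under /webmail/ only. All other rules and all other paths keep full
# CRS coverage.
#
# Assumptions: id 10001 is a free local rule id (ModSecurity rejects
# duplicate ids); put this in a file Apache includes AFTER the CRS rules,
# e.g. a conf.d file under your Apache prefix (/usr/local/apache on CWP
# according to the log above; verify against your httpd.conf Include lines).

SecRule REQUEST_URI "@beginsWith /webmail/" \
    "id:10001,phase:1,pass,nolog,t:none,\
    ctl:ruleRemoveTargetById=973301;ARGS:_message"

# If the error log later shows the same rule matching another Roundcube
# field ("found within ARGS:<field>" in the Matched Data part), add one
# more ctl action for that field rather than widening the scope:
#     ctl:ruleRemoveTargetById=973301;ARGS:<field>
#
# The blunter alternative removes the whole rule for the path, which also
# stops it from inspecting cookies, headers and every other parameter of
# those requests. Prefer the per-target form above.
#     SecRule REQUEST_URI "@beginsWith /webmail/" \
#         "id:10002,phase:1,pass,nolog,t:none,ctl:ruleRemoveById=973301"
```

After adding the file, check the syntax with `apachectl configtest`, reload Apache, and send the same message again from the compose window. The request should now pass, and `grep 973301` over the Apache error log should show no new entries for `/webmail/` (the log path depends on your CWP install). The ctl action runs in phase 1, so it takes effect before the phase 2 rule that denied the request; any other CRS rule that fires on HTML in the body will still appear in the log with its own id and target, and can be handled the same way.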