[wp-trac] [WordPress Trac] #35412: ModSecurity2 blocks Potential Obfuscated Javascript in outbound anomaly
WordPress Trac
noreply at wordpress.org
Tue Jan 12 09:30:51 UTC 2016
#35412: ModSecurity2 blocks Potential Obfuscated Javascript in outbound anomaly
--------------------------+-----------------------------
 Reporter:  becki         |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  General       |    Version:  4.4.1
 Severity:  normal        |   Keywords:
  Focuses:  javascript    |
--------------------------+-----------------------------
hello there ;)
Since the 4.4.1 update, mod_security reports a potential obfuscated JavaScript in outbound and blocks WordPress.
I'm using OWASP_CRS/2.2.9, and the mod_security rule triggering this is '''ID 981004'''. It reports the following:
{{{
Rule Message: Potential Obfuscated Javascript in Output - Excessive fromCharCode
Event: Pattern match "(?i)(String\\.fromCharCode\\(.*?){4,}" at RESPONSE_BODY
Data: Matched Data:
String.fromCharCode(55356,56806,55356,56826),0,0),d.toDataURL().length>3e3):\x22diversity\x22===a?(e.fillText(String.fromCharCode(55356,57221),0,0),c=e.getImageData(16,16,1,1).data.toString(),e.fillText(String.fromCharCode(55356,57221,55356,5
Tag: OWASP_CRS/MALICIOUS_CODEbugtraq,13544
}}}
{{{
Rule Message: Outbound Anomaly Score Exceeded (score 4): The application is not available
Event: Operator GE matched 4 at TX:outbound_anomaly_score
}}}
The mod_security regex is matched in the _wpemojiSettings / function, finally resulting in mod_security blocking WordPress ;(
--
Ticket URL: <https://core.trac.wordpress.org/ticket/35412>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
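
An added example, not part of the ticket and not code from WordPress, ModSecurity or the CRS: a Python triage helper that applies the pattern logged for rule 981004 to a response body and reports which inline scripts supply the `String.fromCharCode(` calls. The names `triage`, `marker` and `SAMPLE_BODY` are this example's own, the sample body is constructed, and `re.DOTALL` is an assumption made here.

```python
import re

# Pattern of CRS rule 981004 as logged in the ticket, log escaping removed.
# re.DOTALL is this example's assumption, so calls on separate lines still chain.
RULE_981004 = re.compile(r"(?i)(String\.fromCharCode\(.*?){4,}", re.DOTALL)
CALL = re.compile(r"(?i)String\.fromCharCode\(")
SCRIPT = re.compile(r"(?is)<script\b[^>]*>(.*?)</script>")

# Constructed sample response body (not WordPress's real inline script).
SAMPLE_BODY = """<html><head><script type="text/javascript">
window._wpemojiSettings = {"baseUrl": "https://example.invalid/emoji/"};
function probe(e, a) {
  if ("flag" === a) { e.fillText(String.fromCharCode(55356, 56806, 55356, 56826), 0, 0); }
  if ("diversity" === a) { e.fillText(String.fromCharCode(55356, 57221), 0, 0); }
  e.fillText(String.fromCharCode(9731, 65039), 0, 0);
  e.fillText(String.fromCharCode(9786), 0, 0);
}
</script></head><body>ok</body></html>"""


def triage(body, marker="_wpemojiSettings"):
    """Say whether the rule pattern fires and which inline scripts feed it."""
    scripts = []
    for m in SCRIPT.finditer(body):
        calls = len(CALL.findall(m.group(1)))
        if calls:
            scripts.append({"offset": m.start(1), "calls": calls,
                            "has_marker": marker in m.group(1)})
    total = len(CALL.findall(body))
    in_marked = sum(s["calls"] for s in scripts if s["has_marker"])
    return {
        "rule_fires": RULE_981004.search(body) is not None,
        "total_calls": total,
        "scripts": scripts,
        # True only if every call in the body sits in a script with the marker
        "explained_by_marker": total > 0 and in_marked == total,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_BODY))
```

A body where `explained_by_marker` is false contains `String.fromCharCode(` calls outside the marked script and deserves a closer look before the alert is treated as the same false positive.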