[wp-trac] [WordPress Trac] #53783: Visiting Widgets Is Blocking Access To My Server
WordPress Trac
noreply at wordpress.org
Mon Jul 26 11:46:00 UTC 2021
#53783: Visiting Widgets Is Blocking Access To My Server
--------------------------+-----------------------------
Reporter: inkwellcd | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Widgets | Version: 5.8
Severity: blocker | Keywords: needs-patch
Focuses: |
--------------------------+-----------------------------
Any time I visit widgets with my current host I get blocked from visiting
all of my websites on the server.
Here are the details:
triggering a mod security rule as below:
941160 Warning. Pattern match \"(?i:(?:<\\w[\\s\\S]*[\\s\\/]|\'\\"
?)(?:on(?:d(?:e(?:vice(?:(?:orienta|mo)tion|proximity|found|light)|livery(?:success|error)|activate)|r(?:ag(?:e(?:n(?:ter|d)|xit)|(?:gestur|leav)e|start|drop|over)|op)|i(?:s(?:c(?:hargingtimechange
...\" at REQUEST_HEADERS:Referer. [file
\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941
-APPLICATION-ATTACK-XSS.conf\"] [line \"199\"] [id \"941160\"] [msg
\"NoScript XSS InjectionChecker: HTML Injection\"] [data \"Matched Data:
\x0d\x0a 2021-07-24 18:22:36
--
Ticket URL: <https://core.trac.wordpress.org/ticket/53783>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list