Softaculous

Topic : CRITICAL Vulnerability!!!

Posted By: indy0077 on June 12, 2018, 5:59 pm

Our firewall has blocked access to our cPanel account due the following:

Request: GET
/whmcs/modules/servers/virtualizor/ui/fonts/OpenSans-Regular.ttf?-cky9kd

Action Description: Access denied with code 403 (phase 1).

Justification: Match of "rx frontend/paper_lantern/softaculous/themes/default/fonts" against "REQUEST_FILENAME" required.
---------------------------------------------------------------

SecRule QUERY_STRING "!@contains =" \ "id:220030,chain,msg:'COMODO WAF: Vulnerability in PHP before 5.3.12 and 5.4.x before 5.4.2 (CVE-2012-1823)||%{tx.domain}|%{tx.mode}|2',phase:1,deny,status:403,rev:7,severity:2,tag:'CWAF',tag:'PHPGen'"SecRule QUERY_STRING "@beginsWith -" \ "chain,t:none"SecRule MATCHED_VAR "@pm -a -b -C -q -T -c -n -d -e -f -h -? -i -l -m -r -B -R -F -E -S -t -s -v -w -z" \ "chain,t:none,t:urlDecodeUni,t:trim"SecRule REQUEST_FILENAME "!@rx frontend/paper_lantern/softaculous/themes/default/fonts" \ "t:none,t:urlDecodeUni,t:lowercase"
Please advise.
Thanks

Posted By: wolke on June 13, 2018, 5:58 am | Post: 1

That is not a vulnerability at all.
Which PHP version are you using?

Posted By: indy0077 on June 17, 2018, 6:38 am | Post: 2

It's PHP Version 7.0.30

Posted By: wolke on June 17, 2018, 8:07 am | Post: 3

you can safely disable this rule, as it protects against a vulnerability in lower PHP versions. Your PHP is not affected and thus, does not benefit from this rule.

Posted By: indy0077 on June 17, 2018, 8:10 am | Post: 4

Quote From : wolke June 17, 2018, 8:07 am

you can safely disable this rule, as it protects against a vulnerability in lower PHP versions. Your PHP is not affected and thus, does not benefit from this rule.

Thank you!