Welcome Guest. Please Login or Register  


You are here: Index > Virtualizor - Virtual Server Control Panel > General Support > Topic : CRITICAL Vulnerability!!!



Threaded Mode | Print  

 CRITICAL Vulnerability!!! (4 Replies, Read 740 times)
indy0077
Group: Member
Post Group: Working Newbie
Posts: 92
Status:
Our firewall has blocked access to our cPanel account due the following:

                   
                       
                            Request: GET
                                /whmcs/modules/servers/virtualizor/ui/fonts/OpenSans-Regular.ttf?-cky9kd

                           
                       
                   
                   
                       
                            Action Description: Access denied with code 403 (phase 1).

                       
                   
                   
                       
                            Justification: Match of "rx frontend/paper_lantern/softaculous/themes/default/fonts" against "REQUEST_FILENAME" required.
---------------------------------------------------------------

SecRule QUERY_STRING "!@contains =" \    "id:220030,chain,msg:'COMODO WAF: Vulnerability in PHP before 5.3.12 and 5.4.x before 5.4.2 (CVE-2012-1823)||%{tx.domain}|%{tx.mode}|2',phase:1,deny,status:403,rev:7,severity:2,tag:'CWAF',tag:'PHPGen'"SecRule QUERY_STRING "@beginsWith -" \    "chain,t:none"SecRule MATCHED_VAR "@pm -a -b -C -q -T -c -n -d -e -f -h -? -i -l -m -r -B -R -F -E -S -t -s -v -w -z" \    "chain,t:none,t:urlDecodeUni,t:trim"SecRule REQUEST_FILENAME "!@rx frontend/paper_lantern/softaculous/themes/default/fonts" \    "t:none,t:urlDecodeUni,t:lowercase"
Please advise.
Thanks

                       
                   
               
IP: --   

CRITICAL Vulnerability!!!
wolke
Group: NOC
Post Group: Working Member
Posts: 122
Status:
That is not a vulnerability at all.
Which PHP version are you using?
IP: --   

CRITICAL Vulnerability!!!
indy0077
Group: Member
Post Group: Working Newbie
Posts: 92
Status:
It's PHP Version 7.0.30
IP: --   

CRITICAL Vulnerability!!!
wolke
Group: NOC
Post Group: Working Member
Posts: 122
Status:
you can safely disable this rule, as it protects against a vulnerability in lower PHP versions. Your PHP is not affected and thus, does not benefit from this rule.


IP: --   

CRITICAL Vulnerability!!!
indy0077
Group: Member
Post Group: Working Newbie
Posts: 92
Status:
Quote From : wolke June 17, 2018, 8:07 am
you can safely disable this rule, as it protects against a vulnerability in lower PHP versions. Your PHP is not affected and thus, does not benefit from this rule.





Thank you!
IP: --   

« Previous    Next »

Threaded Mode | Print  



Jump To :


Users viewing this topic
1 guests, 0 users.


All times are GMT. The time now is September 22, 2018, 1:12 pm.

  Powered By AEF 1.0.8 © 2007-2008 Electron Inc.Queries: 11  |  Page Created In:0.196