Last modified: 2014-09-18 18:04:59 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T37203, the corresponding Phabricator task for complete and up-to-date bug report information.

Bug 35203 - Semantic Search produces invalid links for ModSecurity (the WAF)


Summary:	Semantic Search produces invalid links for ModSecurity (the WAF)

Status:	RESOLVED WONTFIX

Product:	MediaWiki extensions
Classification:	Unclassified
Component:	Semantic MediaWiki (Other open bugs)
Version:	unspecified
Hardware:	All Linux

Importance:	Normal minor (vote)
Target Milestone:	---
Assigned To:	Nobody - You can work on this!

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2012-03-13 19:03 UTC by Hans Meiser
Modified:	2014-09-18 18:04 UTC (History)
CC List:	5 users (show)

See Also:
Web browser:	---
Mobile Platform:	---
Assignee Huggle Beta Tester:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Hans Meiser 2012-03-13 19:03:50 UTC

Semantic Search produces invalid links for ModSecurity (the WAF)

1) HTTP Response Splitting Attack 2) Invalid request 

...result pages triggered by pagination links of semantic search are falling in a bad request response.

reg. Stevie, http://webserver-management.de

Comment 1 Hans Meiser 2012-03-13 20:00:34 UTC

Corresponding pattern match:

modsecurity_crs_40_generic_attacks.conf:

# HTTP Response Splitting
#
SecRule REQUEST_URI|REQUEST_HEADERS|REQUEST_HEADERS_NAMES "%0[ad]" \
        "phase:2,t:none,t:lowercase,capture,ctl:auditLogParts=+E,deny,log,auditlog,status:400,msg:'HTTP Response Splitting Attack',id:'950910',logdata:'%{TX.0}',severity:'1'"

reg. Stevie, http://webserver-management.de

Comment 2 Jeroen De Dauw 2012-03-13 22:15:39 UTC

Can you provide an example link or at least the relevant part of the url?

Also, what version of SMW are you using?

Comment 3 [[kgh]] 2012-06-23 01:18:58 UTC

@Hans Meiser Any news on this? Pls do not let SMW down on this one in case it is a security issue

Comment 4 Hans Meiser 2012-06-23 01:53:42 UTC

Happens while pagination:

http://gif-wiki.de/w/Spezial:Semantische_Suche/-5B-5BImmo_AG_hoch::x-5D-5D/-3FImmo-20AG-20hoch/offset%3D2/limit%3D2

Version-Info:

http://gif-wiki.de/w/Spezial:Version

c u Hans Meiser

Comment 5 MWJames 2012-10-01 12:51:58 UTC

Maybe it is my lack of technical knowledge but what exactly is the security issue here?

I tried to follow the links and I could not find any hint of what is going wrong.
Could you iterate on:

1) What is the exact problem?

2) What has to be different to make the problem go away?

3) or what should be done to satisfy modsecurity (I assume most people might not be sufficiently carry knowledge about modsecurity related topics, so explaining how that connects to SMW would be nice.)

Those questions might seem a bit far but people try to help and only after they understand what issues are involved they might can come up with a solution.

Comment 6 Hans Meiser 2012-10-01 15:58:40 UTC

Sorry MWJames, I'm currently very busy- and will provide further investigations or a complete solution as soon as possible to the community- if I can. By the way, this issue can be avoided by hinti
ng/disabling the corresponding rule in ModeSecurity. The issue can have been reproduced by analizing the Apache/ModeSecurity log files while running the WAF.

c u

Comment 7 Jeroen De Dauw 2012-11-27 18:10:02 UTC

Decreasing to minor as neither me nor MWJames can see the issue and no further description is provided for now

Wikimedia Bugzilla is closed!

Search

Personal tools

Navigation

Links