WAF 361022
Rule 361022 | |
---|---|
Status | Active |
Alert Message | Atomicorp.com WAF Rules: Potential SQL Information Leakage |
Contents |
[edit] Description
This rules detects when an application return an SQL error message. This rules does not cause this and does not block any action. Disabling this rule will not have any effect on the applications SQL error. The rule just detects when an SQL error is detected in the data sent from your web server to your users. This information may include sensitive information, such as passwords, or this may indicate that an attacker is attempting to find flaws in your applications.
We recommend you investigate the cause of the SQL error, as this may indicate an attack is in progress.
[edit] Troubleshooting
[edit] False Positives
A false positive could occur if a user posted an SQL error message to forum, blog or other content management system. This rule looks for specific error messages in the content of the data returned to the user, not the data sent by the user. Please check the content of the event before reporting this as a false positive. If the event was a real SQL error message returned by your server, then do not report this as a false positive, the rule is working correctly.
[edit] Tuning Guidance
See the Mod_security page for guidance on tuning this rule.
[edit] Additional Information
[edit] Similar Rules
None.
[edit] Knowledge Base Articles
None.
[edit] Outside References
None.
[edit] Notes
None.