Difference between revisions of "WAF 380800"
Latest revision as of 14:11, 27 December 2012
Rule ID
380800
Status
Active rule currently published.
Alert Message
Atomicorp.com WAF Rules - Virtual Patch: PHP Easter Egg Access
Description
This rule detects attempts to determine the version of PHP a system is using. PHP contains several "easter eggs" that can be sent to any PHP application to determine what version of PHP a system is using, even if PHP is configured to not reveal its version or other information.
This rule works by detecting the use of these easter eggs, which are PHP session IDs reserved as easter eggs. The easter eggs are referenced in the section "Outside References" at the end of this article.
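The same kind of check can be run over existing web server access logs to see whether such probes have already been sent. The following is an added example, not the Atomicorp rule itself: it assumes the probe arrives as a query string of the form `=PHP` followed by a GUID, and the GUIDs, addresses and log lines in it are constructed placeholders.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumed probe shape: a nameless parameter "=PHP" followed by a GUID
# (8-4-4-4-12 hex digits). Case-insensitive matching is a conservative choice.
EGG_RE = re.compile(
    r"(?:^|&)=PHP[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}(?:&|$)",
    re.IGNORECASE,
)
# Combined Log Format: client ident user [time] "METHOD target PROTO" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3})')


def is_egg_request(target):
    """True if the request target's query string has the assumed probe shape."""
    query = urlsplit(target).query
    # Decode twice so single or double percent-encoding cannot hide the token.
    decoded = unquote(unquote(query))
    return bool(EGG_RE.search(decoded))


def find_probes(lines):
    """Return (client, target, status) for every log line that matches."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_egg_request(m.group(2)):
            hits.append((m.group(1), m.group(2), int(m.group(3))))
    return hits


# Constructed sample log lines; the GUIDs are placeholders, not real PHP values.
EGG = "PHP00000000-0000-0000-0000-000000000000"
TS = "[27/Dec/2012:14:11:00 +0000]"
SAMPLE = [
    f'203.0.113.7 - - {TS} "GET /index.php?={EGG} HTTP/1.1" 200 2524',
    f'203.0.113.7 - - {TS} "GET /index.php?%3D{EGG.lower()} HTTP/1.1" 200 2146',
    f'198.51.100.4 - - {TS} "GET /shop.php?id=PHP5 HTTP/1.1" 200 512',
    f'198.51.100.4 - - {TS} "GET /search.php?q={EGG} HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, target, status in find_probes(SAMPLE):
        print(f"{client} requested {target} (status {status})")
```

Only the first two sample lines are reported; a normal named parameter that happens to contain the same string (`q=...`) is not flagged.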
False Positives
There are no known false positives for this condition. If you believe your version of PHP is not vulnerable to this probe, you can disable this rule. We do not recommend doing so without first testing your PHP implementation against the known probe easter eggs.
Tuning Guidance
Please see the Tuning the Atomicorp WAF Rules page for basic information.
Similar Rules
None.
Knowledge Base Articles
None.
Outside References