Difference between revisions of "WAF 340152"

From Atomicorp Wiki
Jump to: navigation, search
(Created page with ''''Rule ID''' 340152 '''Alert Message''' Request Body Parsing Failed. <ERROR MESSAGE FOR YOUR SYSTEM>: check your application or client for errors, this is not a false posi…')
 
m
Line 9: Line 9:
 
'''Description'''   
 
'''Description'''   
  
This is not a triggered rule, but a rule that is triggered by an error in your application or client.  This is not a false positive, it seemly means that your application or client threw an error that the processor detected as invalid.  Check your applicant or client for the cause of this error.
+
This is not a triggered rule, but a rule that is triggered by an error in your application or client.  Typically is is caused when a multipart/request-data parser or XML parser fails to properly parse a request payload.
 +
 
 +
This is not a false positive, it seemly means that your application or client threw an error mean that the multipart message could not be assembled.  Check your applicant or client for the cause of this error.
 +
 
 +
It is not recommended you disable this rule.  Doing so will leave your system open to [[impedance mismatch attacks]]. It is possible, for example, that a payload that cannot be parsed by ModSecurity can be successfully parsed by a more tolerant parser operating in the application. Therefore an attack could be pass through without detection.
  
 
'''False Positives'''
 
'''False Positives'''
  
There are no known False Positives for this.
+
There are no known False Positives for this rule.
  
 
'''Similar Rules'''
 
'''Similar Rules'''

Revision as of 14:19, 26 October 2010

Rule ID

340152

Alert Message

Request Body Parsing Failed. <ERROR MESSAGE FOR YOUR SYSTEM>: check your application or client for errors, this is not a false positive.

Description

This is not a triggered rule, but a rule that is triggered by an error in your application or client. Typically is is caused when a multipart/request-data parser or XML parser fails to properly parse a request payload.

This is not a false positive, it seemly means that your application or client threw an error mean that the multipart message could not be assembled. Check your applicant or client for the cause of this error.

It is not recommended you disable this rule. Doing so will leave your system open to impedance mismatch attacks. It is possible, for example, that a payload that cannot be parsed by ModSecurity can be successfully parsed by a more tolerant parser operating in the application. Therefore an attack could be pass through without detection.

False Positives

There are no known False Positives for this rule.

Similar Rules


Outside References

Personal tools