Difference between revisions of "WAF 388000"
(Created page with "'''Rule ID''' 388000 '''Status''' Active rule currently published. '''Alert Message''' Atomicorp.com WAF Rules - Virtual Patch: Possible Attempt to Access vulnerable FCKe...") |
Latest revision as of 12:12, 24 July 2011
Rule ID
388000
Status
Active rule currently published.
Alert Message
Atomicorp.com WAF Rules - Virtual Patch: Possible Attempt to Access vulnerable FCKeditor file upload connector (Disable if you have configured this connector to require authentication)
Description
This rule detects the use of FCKEditor file upload connector. This tool has the potential to be used in an unauthenticated manner, making it possible for attackers to upload files to your system without your permissions. A number of web applications use this connector, and configure it an unauthenticated manner.
This rules work by detecting the use of this connector.
False Positives
A false positive can only occur when an the application is used in an authenticated manner. If you know that this connector is properly protected, then disable this rule. However, if the application is not properly protected, disabling this rule will make it possible for anyone to upload files to the system. This method is well known and is used regularly to compromise hosts.
Tuning Guidance
If you know that this behavior is acceptable for your application, please log into your ASL gui, click on Configuration, then Rules Manager. And disable this rule only for the virtual hosts that use it. We do not recommend you disable this rule globally.
If you are not using ASL, then you will have to manually configure your modsecurity rules for your needs. Please see the Tuning the Atomicorp WAF Rules page for basic information.
Similar Rules
Knowledge Base Articles
None.
Outside References
None.