Difference between revisions of "WAF 380800"

From Atomicorp Wiki
Jump to: navigation, search
m (Created page with "'''Rule ID''' 380800 '''Status''' Active rule currently published. '''Alert Message''' Atomicorp.com WAF Rules - Virtual Patch: PHP Version Probe '''Description''' Th...")
 
m
Line 13: Line 13:
 
'''Description'''   
 
'''Description'''   
  
This rule detects attempts to determine the version of PHP a system is using.  PHP contains several "easter eggs" that can be sent to any PHP application to determine that version of PHP the system has, even if PHP is configured to not reveal its version.
+
This rule detects attempts to determine the version of PHP a system is using.  PHP contains several "easter eggs" that can be sent to any PHP application to determine what version of PHP a system is using, even if PHP is configured to not reveal its version or other information.
  
This rules work by detecting the use of these easter eggs.   
+
This rules work by detecting the use of these easter eggs, which are PHP session IDs reserved as easter eggs.  The easter eggs are referenced in the section "Outside References" at the end of this article.
  
 
'''False Positives'''
 
'''False Positives'''
  
There are no known false positives for this condition.  If you believe your version of PHP is not vulnerable to this probe, then disable this rule.  We do not recommend you do this without first testing your PHP implementation.
+
There are no known false positives for this condition.  If you believe your version of PHP is not vulnerable to this probe, then disable this rule.  We do not recommend you do this without first testing your PHP implementation against the known probe easter eggs.  
  
 
'''Tuning Guidance'''
 
'''Tuning Guidance'''

Revision as of 14:50, 25 July 2011

Rule ID

380800

Status

Active rule currently published.

Alert Message

Atomicorp.com WAF Rules - Virtual Patch: PHP Version Probe

Description

This rule detects attempts to determine the version of PHP a system is using. PHP contains several "easter eggs" that can be sent to any PHP application to determine what version of PHP a system is using, even if PHP is configured to not reveal its version or other information.

This rules work by detecting the use of these easter eggs, which are PHP session IDs reserved as easter eggs. The easter eggs are referenced in the section "Outside References" at the end of this article.

False Positives

There are no known false positives for this condition. If you believe your version of PHP is not vulnerable to this probe, then disable this rule. We do not recommend you do this without first testing your PHP implementation against the known probe easter eggs.

Tuning Guidance

Please see the Tuning the Atomicorp WAF Rules page for basic information.

Similar Rules

None.

Knowledge Base Articles

None.

Outside References

http://www.0php.com/php_easter_egg.php

Personal tools