Difference between revisions of "WAF 340152"

From Atomicorp Wiki
Jump to: navigation, search
m
m
 
(One intermediate revision by one user not shown)
Line 9: Line 9:
 
'''Description'''   
 
'''Description'''   
  
This is not a triggered rule, but a rule that is triggered by an error in your application or client.  Typically is is caused when a multipart/request-data parser or XML parser fails to properly parse a request payload.
+
This is not a triggered rule, but a rule that is triggered when a multi-part message can not be assembled correctly.  Typically this is caused when a multipart/request-data parser or XML parser fails to properly parse a request payload, generally because of either a broken client or client library, or a broken or corrupt request.
  
This is not a false positive, it seemly means that your application or client threw an error mean that the multipart message could not be assembled.  Check your applicant or client for the cause of this error.
+
This is not a false positive, it seemly means that your application or client is creating multi-part messages that can not be assembled, either by ModSecurity or by the application.  Check your applicant or client for the cause of this error and ensure that multipart messages are being sent and generated correctly.
  
It is not recommended you disable this rule.  Doing so will leave your system open to [[impedance mismatch attacks]]. It is possible, for example, that a payload that cannot be parsed by ModSecurity can be successfully parsed by a more tolerant parser operating in the application. Therefore an attack could be pass through without detection.
+
It is not recommended you disable this rule.  Doing so will leave your system open to [[impedance mismatch attacks]]. It is possible, for example, that a payload that cannot be parsed by ModSecurity can be successfully parsed by a more tolerant parser operating in the application. Therefore an attack could be passed through without detection.
  
 
'''False Positives'''
 
'''False Positives'''

Latest revision as of 12:37, 7 May 2012

Rule ID

340152

Alert Message

Request Body Parsing Failed. <ERROR MESSAGE FOR YOUR SYSTEM>: check your application or client for errors, this is not a false positive.

Description

This is not a triggered rule, but a rule that is triggered when a multi-part message can not be assembled correctly. Typically this is caused when a multipart/request-data parser or XML parser fails to properly parse a request payload, generally because of either a broken client or client library, or a broken or corrupt request.

This is not a false positive, it seemly means that your application or client is creating multi-part messages that can not be assembled, either by ModSecurity or by the application. Check your applicant or client for the cause of this error and ensure that multipart messages are being sent and generated correctly.

It is not recommended you disable this rule. Doing so will leave your system open to impedance mismatch attacks. It is possible, for example, that a payload that cannot be parsed by ModSecurity can be successfully parsed by a more tolerant parser operating in the application. Therefore an attack could be passed through without detection.

False Positives

There are no known False Positives for this rule.

Similar Rules


Outside References

Personal tools