Difference between revisions of "WAF 361022"

From Atomicorp Wiki
(Created page with "{{Infobox |header1= Rule 361022 |label2 = Status |data2 = Active |label3 = Alert Message |data3 = Atomicorp.com WAF Rules: Potential SQL Information Leakage }} = Description ...")
 
m (Description)
 
Line 9: Line 9:
 
= Description =
 
= Description =
  
This rules detects when an application return an SQL error message.  This rules does not cause this, and disabling this rule will not have any effect on the applications SQL error.  The rule just detects when an SQL error is detected in the data sent from your web server to your users.  This information may include sensitive information, such as passwords, or this may indicate that an attacker is attempting to find flaws in your applications.   
+
This rules detects when an application return an SQL error message.  This rules does not cause this and does not block any action.  Disabling this rule will not have any effect on the applications SQL error.  The rule just detects when an SQL error is detected in the data sent from your web server to your users.  This information may include sensitive information, such as passwords, or this may indicate that an attacker is attempting to find flaws in your applications.   
  
 
We recommend you investigate the cause of the SQL error, as this may indicate an attack is in progress.
 
We recommend you investigate the cause of the SQL error, as this may indicate an attack is in progress.
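
Review bot: The revised paragraph (the line under the + marker) keeps the grammar slips of the old text while adding "and does not block any action". Suggest "This rule detects when an application returns an SQL error message", "This rule does not cause this", and the possessive "application's SQL error". The phrase "detects when an SQL error is detected" is also circular; "looks for SQL error messages in the data sent from your web server to your users" says the same thing more directly.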

Latest revision as of 11:32, 17 June 2013

Rule 361022
Status: Active
Alert Message: Atomicorp.com WAF Rules: Potential SQL Information Leakage

Description

This rule detects when an application returns an SQL error message. The rule does not cause the error and does not block any action. Disabling this rule will not have any effect on the application's SQL error. The rule only looks for SQL error messages in the data sent from your web server to your users. An error message of this kind may include sensitive information, such as passwords, or it may indicate that an attacker is attempting to find flaws in your applications.

We recommend you investigate the cause of the SQL error, as this may indicate an attack is in progress.

Troubleshooting

False Positives

A false positive could occur if a user posted an SQL error message to a forum, blog or other content management system. This rule looks for specific error messages in the content of the data returned to the user, not the data sent by the user. Please check the content of the event before reporting it as a false positive. If the event was a real SQL error message returned by your server, do not report it as a false positive; the rule is working correctly.
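
A first-pass check of an event's content, as an added example (not Atomicorp's rule or code): it scans only the response body and flags the case where the matched text was also submitted by the client in the same transaction. The error signatures, the event field names and the sample events are constructed assumptions, and request bodies are assumed to be URL-decoded already.

```python
import re

# Constructed signatures for well-known database error strings. These are
# assumptions for illustration, not the patterns rule 361022 actually uses.
SQL_ERROR_SIGNATURES = {
    "mysql": re.compile(r"You have an error in your SQL syntax", re.I),
    "postgresql": re.compile(r"ERROR:\s+syntax error at or near", re.I),
    "oracle": re.compile(r"\bORA-\d{5}\b"),
    "mssql": re.compile(r"Unclosed quotation mark after the character string", re.I),
}


def find_sql_errors(body):
    """Return (dbms, matched_text) for every signature found in body."""
    hits = []
    for dbms, pattern in SQL_ERROR_SIGNATURES.items():
        match = pattern.search(body)
        if match:
            hits.append((dbms, match.group(0)))
    return hits


def triage(event):
    """Classify one event; like the rule, only the response body is scanned."""
    hits = find_sql_errors(event["response_body"])
    if not hits:
        return "no_match"
    request = event.get("request_body", "").lower()
    # If every matched string was also submitted by the client in this same
    # transaction, the page is probably echoing user content (a forum post).
    if all(text.lower() in request for _, text in hits):
        return "likely_user_content"
    return "server_sql_error"


# Constructed sample events (not real logs).
EVENTS = [
    {"request_body": "id=1'",
     "response_body": "<b>Warning</b>: You have an error in your SQL syntax near ''1''' at line 1"},
    {"request_body": "comment=Help! I get: You have an error in your SQL syntax",
     "response_body": "<p>Help! I get: You have an error in your SQL syntax</p>"},
    {"request_body": "q=shoes", "response_body": "<ul><li>Running shoes</li></ul>"},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(triage(ev), find_sql_errors(ev["response_body"]))
```

A "likely_user_content" result is only a hint: a stored post viewed later by another user arrives with no matching request body, so the event content still needs a manual look.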

Tuning Guidance

See the Mod_security page for guidance on tuning this rule.

Additional Information

Similar Rules

None.

Knowledge Base Articles

None.

Outside References

None.

Notes

None.
