Author Topic: False-Positive report thread  (Read 35054 times)

Offline SergeiP

  • Moderator
  • Comodo's Hero
  • *****
  • Posts: 201
Re: False-Positive report thread
« Reply #240 on: October 26, 2018, 05:08:18 AM »
225170: WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)

Request:   GET /folder/wp-json/wp/v2/users/?who=authors&per_page=-1
Action Description:   Access denied with code 403 (phase 2).
Justification:   Test '&REQUEST_COOKIES_NAMES:/^wordpress_([0-9a-fA-f]{32})$/' against '!@ge 1' is true.

This rule does happen on all WP installations with Gutenberg editor that will become default soon.

Not confirmed. Please share audit.log for this event. Thank you.

Offline Ansari_WAF

  • Newbie
  • *
  • Posts: 4
Re: False-Positive report thread
« Reply #241 on: November 20, 2018, 08:38:54 AM »
Rule 217280

WordPress 4.9.8
Plugin: Contact Form 7

Unable to save form in back-end if text on form includes keywords such as "head".

Log is attached

Further information not provided by hosting service.

Log from andypatnz received on 20 Nov 2018

You have just been sent a personal message by andypatnz on The Comodo Forum.

The message they sent you was:

I have finally got a log for this problem. I hope that this is what you were expecting.

----

Hi
 We have fixed it and it will be available in the coming release.


 
