Author Topic: False-Positive report thread  (Read 32912 times)

Offline SergeiP

  • Moderator
Re: False-Positive report thread
« Reply #240 on: October 26, 2018, 05:08:18 AM »
225170: WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)

Request:   GET /folder/wp-json/wp/v2/users/?who=authors&per_page=-1
Action Description:   Access denied with code 403 (phase 2).
Justification:   Test '&REQUEST_COOKIES_NAMES:/^wordpress_([0-9a-fA-f]{32})$/' against '!@ge 1' is true.

This rule does happen on all WP installations with the Gutenberg editor, which will become the default soon.

Not confirmed. Please share audit.log for this event. Thank you.

 
