Author Topic: Rule False Positive? - WP All Import plugin  (Read 124 times)

Offline amsscott

Rule False Positive? - WP All Import plugin
« on: October 14, 2018, 10:31:40 AM »
This is more of just a general question.

I have a user that seems to be hitting rule 230550 - COMODO WAF: XSS vulnerability in Import any XML or CSV File (WP All Import) plugin 3.4.9 for WordPress - while doing legitimate imports.

The user is using version 3.4.9 of the WP All Import plugin.

Is this particular rule saying that version 3.4.9 of WP All Import is vulnerable to this XSS vulnerability?  3.4.9 appears to be the latest version of WP All Import - but it hasn't been updated in 5 months.  I'm not finding any security alerts that indicate that WP All Import version 3.4.9 is vulnerable to anything although that doesn't mean it's not.

I'm fine with exempting this rule for this particular user.  I'm just trying to get a better understanding of what specifically this description is saying.

Offline SergeiP

  • Moderator
Re: Rule False Positive? - WP All Import plugin
« Reply #1 on: October 18, 2018, 11:00:42 AM »
Hello amsscott.
You should report False Positives here:
https://forums.comodo.com/free-modsecurity-rules-comodo-web-application-firewall/falsepositive-report-thread-t104373.0.html
When you report an FP, you should provide the information described here:
https://forums.comodo.com/free-modsecurity-rules-comodo-web-application-firewall/falsepositive-report-thread-t104373.0.html;msg869520#msg869520

This rule contains protection from 0day vulnerabilities. CVE IDs for these vulnerabilities are waiting for approval.
Please provide modsec_audit.log for this event.
Regards.

Offline amsscott

Re: Rule False Positive? - WP All Import plugin
« Reply #2 on: October 18, 2018, 11:15:55 AM »
I just exempted the rule for this VirtualHost, all appears to be good now.

Although my initial question still remains.  Is this an issue with version 3.4.9 of the WP All Import plugin?

I'm not seeing any disclosed issues with version 3.4.9 of WP All Import - but that doesn't necessarily mean there isn't one or that I'm just not finding it.

Offline Ansari_WAF

Re: Rule False Positive? - WP All Import plugin
« Reply #3 on: October 22, 2018, 08:45:17 AM »
Hi amsscott,

Yes. For security purposes, the details will be disclosed after it is fixed.

 
