[False Positive ID 20020] Execution error - PCRE limits exceeded on WHMCS pages

akabakov · February 5, 2014, 4:03pm

Please, tell us the next info about pcre on your servers:

$ pcretest -C

For example:

$ pcretest -C
PCRE version 7.8 2008-09-05
Compiled with
UTF-8 support
Unicode properties support
Newline sequence is LF
\R matches all Unicode newlines
Internal link size = 2
POSIX malloc threshold = 10
Default match limit = 10000000
Default recursion depth limit = 10000000
Match recursion uses stack

Most of all we need information about Default match limit and Default recursion depth limit

chuvadenovembro · February 5, 2014, 5:47pm

Hi akabakov,

Centos 5 (virtuozzo)

PCRE version 6.6 06-Feb-2006 Compiled with UTF-8 support Unicode properties support Newline character is LF Internal link size = 2 POSIX malloc threshold = 10 Default match limit = 10000000 Default recursion depth limit = 10000000 Match recursion uses stack

LoadFile /opt/xml2/lib/libxml2.so # LoadFile /opt/lua/lib/liblua.so LoadModule security2_module modules/mod_security2.so SecRuleEngine On SecAuditEngine RelevantOnly SecAuditLog logs/modsec_audit.log SecDebugLog logs/modsec_debug_log SecDebugLogLevel 0 SecRequestBodyAccess on SecDataDir /tmp SecPcreMatchLimit 250000 SecPcreMatchLimitRecursion 250000 Include "/var/cpanel/cwaf/etc/cwaf.conf" Include "/usr/local/apache/conf/modsec2.whitelist.conf"

PHP.ini

pcre.backtrack_limit = 10000000 pcre.recursion_limit = 10000000

Thanks