SQL Injection Attack blocks login to webpage

After upgrading to UTM 9.2 my webserver was unavailable to customers. They got to the login screen, but after entering their credentials they got an error message saying reports could not be loaded. After some tinkering with the settings, I found the problem was solved by disabling SQL Injection Attack in the default firewall profile. In UTM 9.1 the SQL Injection Attack filtering option was active without any problems. [:S]

Any thoughts on this? Thanks in advance.


This thread was automatically locked due to age.
  • I don't get this either - I have deployed our second 9.2 UTM with Small Business Server 2011 (Exchange 2010) and we have this same issue? We didn't have this problem with 9.1.

    However, our first 9.2 we deployed in another environment with a fully fledged Exchange 2010, this doesn't seem to have a problem??

    2014:06:11-09:25:36 FEZI_SophosUTM reverseproxy: [Wed Jun 11 09:25:36.550093 2014] [security2:error] [pid 6177:tid 4063656816] [client 101.167.38.124] ModSecurity: Warning. Pattern match "(^[\"'`\xc2\xb4\xe2\x80\x99\xe2\x80\x98;]+|[\"'`\xc2\xb4\xe2\x80\x99\xe2\x80\x98;]+$)" at REQUEST_COOKIES:cadata. [file "/usr/apache/conf/waf/modsecurity_crs_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \x22 found within REQUEST_COOKIES:cadata: \x2224CTK6Y9bTQAYpZ RteE0za4 uV/HN AF UF8iGSpLAzVpVTKLe1tQmVjSTL0/MPRWe8WWdkY I4HLd9oehfxlMk YKpJ/YH4yViI/I3gFdc=\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.7"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "owa.domain.com"] [uri "/owa/ev.owa"] [unique_id "U5eT8MCoAQIAABghwlgAAAAI"]
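Added example (not part of the original thread and not Sophos or ModSecurity code): a parser for a ModSecurity warning like the one quoted in the reply above, which replays the logged pattern against the logged value to show what made rule 981318 fire. The sample line is a shortened copy of the quoted log with a constructed cookie value, and `triage` and `unescape` are hypothetical helper names.

```python
import re

# Constructed sample: the reverseproxy line from the thread, shortened, with a made-up cookie value.
SAMPLE = r'''2014:06:11-09:25:36 FEZI_SophosUTM reverseproxy: [security2:error] [client 101.167.38.124] ModSecurity: Warning. Pattern match "(^[\"'`\xc2\xb4\xe2\x80\x99\xe2\x80\x98;]+|[\"'`\xc2\xb4\xe2\x80\x99\xe2\x80\x98;]+$)" at REQUEST_COOKIES:cadata. [file "/usr/apache/conf/waf/modsecurity_crs_sql_injection_attacks.conf"] [line "64"] [id "981318"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \x22 found within REQUEST_COOKIES:cadata: \x22AbCdEf0123/xyz=\x22"] [hostname "owa.domain.com"] [uri "/owa/ev.owa"]'''

KV = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')          # [key "value"] fields
HIT = re.compile(r'Pattern match "(.*?)" at (\S+?)\. \[')  # rule pattern and target variable
HEX = re.compile(r'\\x([0-9a-fA-F]{2})')                   # \xNN escapes written by the logger


def unescape(text):
    """Turn the \\xNN escapes in a logged value back into raw bytes."""
    return HEX.sub(lambda m: chr(int(m.group(1), 16)), text).encode("latin-1")


def triage(line):
    """Parse one ModSecurity warning and replay its pattern on the logged value."""
    hit = HIT.search(line)
    if hit is None:
        return None  # not a "Pattern match" warning
    fields = dict(KV.findall(line))
    pattern, target = hit.group(1), hit.group(2)
    marker = "found within " + target + ": "
    data = fields.get("data", "")
    if marker not in data:
        return None  # no logged value to replay
    value = unescape(data.split(marker, 1)[1])
    # Assumption: Python's re stands in for the WAF's regex engine; this
    # pattern only uses syntax both engines share, matched byte by byte.
    rule = re.compile(pattern.encode("latin-1"))
    return {
        "rule_id": fields.get("id"),
        "target": target,
        "uri": fields.get("uri"),
        "value": value,
        "matches_as_logged": rule.search(value) is not None,
        "matches_without_wrapping_quotes": rule.search(value.strip(b'"')) is not None,
    }


if __name__ == "__main__":
    for key, val in triage(SAMPLE).items():
        print(f"{key}: {val}")
```

For the sample, the rule matches only because the cookie value is wrapped in double quotes, which agrees with the `Matched Data: \x22` field in the quoted log.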