Imperva Cyber Community

  • 1.  About CVE-2013-6227 policy-related issues

    Posted 06-28-2022 10:37

    Recently, while testing policies, I tested the one for CVE-2013-6227 and found that the policy is not well written.

    Policy details:

    This policy is triggered when the URL includes "plugins/editor.zoho/agent/save_zoho.php" and the parameter named "content" has the match operation "Does not Match Regular Expression" with the value "xls|xlsx|ods|sxc|csv|tsv|ppt|pps|odp|sxi|doc|docx|rtf|odt|sxw".
    So I constructed a request that triggered it, and it worked: the request was immediately intercepted by the WAF.

    [Screenshot: intercepted request, alert raised]
    But if I add any one of "xls|xlsx|ods|sxc|csv|tsv|ppt|pps|odp|sxi|doc|docx|rtf|odt|sxw" anywhere in the file name, the WAF does not intercept. I want to check whether the match should be restricted to the file extension; otherwise it can be bypassed.
    [Screenshot: request not intercepted]


    Yifan Yuan
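The behaviour described in the post above comes down to an unanchored regular expression: an alternation such as `xls|xlsx|...` is satisfied by the substring `xls` anywhere in the inspected value, so the "Does not Match" condition is never true once that substring is present. The following Python script is an added illustration, not code from the post, from Imperva or from the policy itself. It reconstructs the rule as the post describes it (a hypothetical assumption about how the WAF evaluates the pattern; the real engine's flags and semantics are not known here), treats the inspected value as the file name the poster refers to, and compares it with a version anchored to the file extension. All sample file names are constructed for the demonstration.

```python
import re

# Extension alternation exactly as quoted in the post.
ALLOWED_EXTS = "xls|xlsx|ods|sxc|csv|tsv|ppt|pps|odp|sxi|doc|docx|rtf|odt|sxw"

# Hypothetical reconstruction of the policy as described: the pattern is used
# unanchored, so any occurrence of an allowed token anywhere in the value counts
# as a match. Case sensitivity of the real engine is unknown; assumed sensitive here.
WEAK_RE = re.compile(ALLOWED_EXTS)

# Anchored alternative: the value must END with a dot followed by one allowed
# extension. Case-insensitive so "REPORT.XLSX" is still treated as allowed.
STRICT_RE = re.compile(r"\.(?:" + ALLOWED_EXTS + r")$", re.IGNORECASE)


def weak_rule_alerts(value: str) -> bool:
    """True when the rule as described would fire: the value does NOT match
    the unanchored alternation."""
    return WEAK_RE.search(value) is None


def strict_rule_alerts(value: str) -> bool:
    """True when the anchored rule would fire: the value does NOT end with an
    allowed extension."""
    return STRICT_RE.search(value) is None


def evaluate(values):
    """Return {value: (weak_alerts, strict_alerts)} for each sample."""
    return {v: (weak_rule_alerts(v), strict_rule_alerts(v)) for v in values}


# Constructed sample file names for the comparison.
SAMPLES = [
    "shell.php",        # plain disallowed extension
    "xls_shell.php",    # allowed token smuggled into the base name
    "shell.xls.php",    # allowed token as a middle "extension"
    "report.xlsx",      # legitimate upload
    "REPORT.XLSX",      # legitimate upload, upper case
]

if __name__ == "__main__":
    print(f"{'file name':<16} {'weak alerts':<12} {'anchored alerts'}")
    for name, (weak, strict) in evaluate(SAMPLES).items():
        print(f"{name:<16} {str(weak):<12} {strict}")
```

Running it shows that the unanchored rule fires for `shell.php` but stays silent for `xls_shell.php` and `shell.xls.php`, which is the bypass the post describes, while the anchored rule alerts on all three and still lets `report.xlsx` and `REPORT.XLSX` through. The anchored version only checks the trailing extension; whether the server also honours that extension is a separate question from the WAF rule.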

  • 2.  RE: About CVE-2013-6227 policy-related issues

    Posted 06-28-2022 12:40

    Hey Yifan,

    Thanks for your post. 
    I think this is one for our support team, so I recommend you raise a ticket on the support portal.
    Our support team work closely with our threat research team on CVEs such as these so this feedback is really helpful.


    Sarah Lamont (csp)
    Digital Community Manager