Skip main navigation (Press Enter).

Imperva Cyber Community

View Only

Back to discussions

Expand all | Collapse all

About CVE-2013-6227 policy related issues

Yifan Yuan06-28-2022 10:37

Recently, when I was testing the policy, I was testing the CVE-2013-6227 ，I find that the strategy is ...

Sarah Lamont06-28-2022 12:40

Hey Yifan, Thanks for your post. I think this is one for our support team, so I recommend you raise ...

1. About CVE-2013-6227 policy related issues

Like
Yifan Yuan
Posted 06-28-2022 10:37
Recently, when I was testing the policy, I was testing the CVE-2013-6227，I find that the strategy is not well written，

This policy is triggered when the url include "plugins/editor.zoho/agent/save_zoho.php" ，and the Parameter name "content" Match Operation is "Does not Match Regular Expression" Value"is "xls|xlsx|ods|sxc|csv|tsv|ppt|pps|odp|sxi|doc|docx|rtf|odt|sxw"
So i Constructed a request that triggered it and it work，is intercepted intermediately by WAF，

But I added the 'xls|xlsx|ods|sxc|csv|tsv|ppt|pps|odp|sxi|doc|docx|rtf|odt|sxw'Any one of them to the file name，WAF will not intercept，I want to check whether the location should be in the file extension，Or it will be bypassed.

#AllImperva
#AttackAnalytics
#On-PremisesWAF(formerlySecuresphere)

------------------------------
Yifan Yuan
SE
shenzhen
------------------------------
2. RE: About CVE-2013-6227 policy related issues

Like
Sarah Lamont
Posted 06-28-2022 12:40
Hey Yifan,

Thanks for your post.
I think this is one for our support team, so I recommend you raise a ticket on the support portal.
Our support team work closely with our threat research team on CVEs such as these so this feedback is really helpful.

Thanks,

------------------------------
Sarah Lamont(csp)
Digital Community Manager
------------------------------

Powered by Higher Logic

Global message icon