Imperva Cyber Community

communities_1.jpg
 View Only
  • 1.  About CVE-2013-6227 policy related issues

    Posted 06-28-2022 10:37

    Recently, when I was testing the policy, I was testing the CVE-2013-6227,I find that the strategy is not well written,

    policy  details

    This policy is triggered when the url include "plugins/editor.zoho/agent/save_zoho.php" ,and the Parameter name "content" Match Operation is "Does not Match Regular Expression" Value"is "xls|xlsx|ods|sxc|csv|tsv|ppt|pps|odp|sxi|doc|docx|rtf|odt|sxw"
    So i Constructed a request that triggered it and it work,is intercepted intermediately by WAF,

    Intercepted situation
    AlertBut I added the 'xls|xlsx|ods|sxc|csv|tsv|ppt|pps|odp|sxi|doc|docx|rtf|odt|sxw'Any one of them to the file name,WAF will not intercept,I want to check whether the location should be in the file extension,Or it will be bypassed.
    No interception


    #AllImperva
    #AttackAnalytics
    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Yifan Yuan
    SE
    shenzhen
    ------------------------------


  • 2.  RE: About CVE-2013-6227 policy related issues

    Posted 06-28-2022 12:40

    Hey Yifan,

    Thanks for your post. 
    I think this is one for our support team, so I recommend you raise a ticket on the support portal.
    Our support team work closely with our threat research team on CVEs such as these so this feedback is really helpful.

    Thanks,



    ------------------------------
    Sarah Lamont(csp)
    Digital Community Manager
    ------------------------------