This project is archived and is in readonly mode.
Rails 2.1.0: mod_security reports a Response Splitting Attack
Reported by Christian Nolte | July 24th, 2008 @ 03:45 PM | in 2.x
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I use the apache proxy to forward traffic to mongrel. The apache has
mod_security enabled and since I made an update to Rails 2.1.0
mod_security blocks access with the following message:
[24/Jul/2008:16:13:36 +0200]
[myhost/sid#988eef8][rid#a29a550][/myapp/][1] Access denied with code
400 (phase 2). Pattern match "%0[ad]" at REQUEST_HEADERS:Cookie. [id
"950910"] [msg "HTTP Response Spli
tting Attack. Matched signature <%0a>"] [severity "ALERT"]
I don't know what exactly is causing this. I am using
restful_authentication.
- --
For more than 4 generations the IT Professionals were the guardians
of quality and stability in software. Before the dark times.
Before Microsoft...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFIiJVOCNjA0nfhW7wRAi9pAKDCfFflgAQHMHw2iY1+ny69x80zsACg/1Zj
N/boFouoMwWM/rBvztgjCSM=
=sWDa
-----END PGP SIGNATURE-----
Comments and changes to this ticket
-
Pratik July 24th, 2008 @ 04:28 PM
- State changed from “new” to “invalid”
- Tag cleared.
-
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile »
<h2 style="font-size: 14px">Tickets have moved to Github</h2>
The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>
Christian Nolte
Pratik