Skip to content

fix: FPs related to maxDB information leakage #4382

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
azurit merged 9 commits into from
Jan 25, 2026
+22 −1
Merged

fix: FPs related to maxDB information leakage #4382

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
b4cfa5c
Update RESPONSE-951-DATA-LEAKAGES-SQL.conf
azurit Dec 11, 2025
2ecb16d
Add regression test for maxDB SQL information leakage
azurit Dec 11, 2025
0172d05
Merge branch 'main' into MaxDBFP
azurit Dec 18, 2025
88cc583
Merge branch 'main' into MaxDBFP
azurit Dec 25, 2025
77705cd
Merge branch 'main' into MaxDBFP
azurit Jan 7, 2026
e6a411a
Merge branch 'main' into MaxDBFP
fzipi Jan 16, 2026
03f6998
Update tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951210.yaml
fzipi Jan 18, 2026
ba5e79e
Merge branch 'main' into MaxDBFP
azurit Jan 25, 2026
cc58b8a
Merge branch 'main' into MaxDBFP
fzipi Jan 25, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -266,7 +266,7 @@ SecRule RESPONSE_BODY "@rx (?i:<b>Warning</b>: ibase_|Unexpected end of command
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"

SecRule RESPONSE_BODY "@rx (?i:SQL error.*POS[0-9]+.*|Warning.*maxdb.*)" \
SecRule RESPONSE_BODY "@rx (?i)Warning.{1,10}maxdb[\(\)_a-z:]{1,26}:" \
Comment thread
fzipi marked this conversation as resolved.
"id:951210,\
phase:4,\
block,\
Expand Down
21 changes: 21 additions & 0 deletions tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951210.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,3 +24,24 @@ tests:
output:
log:
expect_ids: [951210]
- test_id: 2
desc: "Matching maxDB SQL Information Leakage with double colon syntax"
stages:
- input:
dest_addr: "127.0.0.1"
port: 80
headers:
Host: "localhost"
User-Agent: "OWASP CRS test agent"
Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
Accept-Encoding: "gzip,deflate"
Accept-Language: "en-us,en;q=0.5"
Content-Type: "application/json"
method: "POST"
version: "HTTP/1.1"
uri: "/reflect"
data: |-
{"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Warning: maxdb::query(): -4004 POS(15) Unknown table name:CALCULATE_RETURN [42000]"}
output:
log:
expect_ids: [951210]
Loading