Hello,
I have activated mod_security in Apache 2.2, and as soon as I activated mod_security I started to receive a lot of error messages saying that there are SQL Injection problems in RoundCube (version 0.9). Do you know anything about this? Could there be SQL Injection in RoundCube?
Here you have an extract of the log:
error_log.1:[Sat May 18 12:48:22 2013] [error] [client rr.ss.tt.uu] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:_message. [file "/etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: -- found within ARGS:_message: xxxxx all\\x0d\\x0a\\x0d\\x0a-- \\x0d\\x0axxxxxxxx\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "oneserver.com"] [uri "/"] [unique_id "UZdcdgoBbS4AABgASUcAAAAG"]
Thank you very much in advance!
Kind regards,
Agustin.
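
An added example, not part of the original post: it parses the logged entry and re-tests the decoded ARGS:_message value against each alternative of the rule's pattern to show which one fired. The pattern is reconstructed from the log by collapsing the doubled backslashes, and the alternative names and the trimmed log line are assumptions made for illustration. The bytes that match, "-- " followed by CRLF, have the form of the conventional e-mail signature separator.

```python
import re

# Constructed sample: the entry from the post, trimmed to the fields used here.
LOG = (r'[error] ModSecurity: Access denied with code 403 (phase 2). '
       r'Pattern match "..." at ARGS:_message. [line "49"] [id "981231"] '
       r'[msg "SQL Comment Sequence Detected."] [data "Matched Data: -- found '
       r'within ARGS:_message: xxxxx all\\x0d\\x0a\\x0d\\x0a-- '
       r'\\x0d\\x0axxxxxxxx\\x0d\\x0a"] [severity "CRITICAL"]')

# Alternatives of the logged pattern, log escaping collapsed (assumption);
# the descriptive names are hypothetical labels, not CRS identifiers.
ALTERNATIVES = [
    ("/* or /*! opener", r"/\*!?"),
    ("*/ closer", r"\*/"),
    ("quote or semicolon then --", r"[';]--"),
    ("-- then whitespace", r"--[\s\r\n\v\f]"),
    ("-- ... -", r"(?:--[^-]*?-)"),
    ("# comment", r"([^\-&])#.*?[\s\r\n\v\f]"),
    ("NUL byte", r";?\x00"),
]

def parse_entry(line):
    """Pull the rule id, message, variable and decoded value out of one entry."""
    rule_id = re.search(r'\[id "(\d+)"\]', line).group(1)
    msg = re.search(r'\[msg "([^"]*)"\]', line).group(1)
    data = re.search(
        r'\[data "Matched Data: .*? found within (\S+): (.*?)"\]', line, re.S)
    # The log escapes control bytes as \xNN (the backslash may be doubled).
    value = re.sub(r'\\+x([0-9a-fA-F]{2})',
                   lambda m: chr(int(m.group(1), 16)), data.group(2))
    return {"id": rule_id, "msg": msg,
            "variable": data.group(1), "value": value}

def which_alternatives(value):
    """Names of the pattern alternatives that match somewhere in value."""
    return [name for name, pat in ALTERNATIVES if re.search(pat, value)]

if __name__ == "__main__":
    entry = parse_entry(LOG)
    print(entry["id"], entry["msg"], entry["variable"])
    print(repr(entry["value"]), "->", which_alternatives(entry["value"]))
```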