App blocked by OWASP Modsecurity Standard Rules #4784

Open
GutHib opened this issue Mar 6, 2025 · 0 comments
Labels
0. Needs triage bug Something isn't working

Comments


GutHib commented Mar 6, 2025

Steps to reproduce

I'm currently unable to use the app, as the chat overview will load, but once you choose an actual conversation, I can't see any messages. Turns out that the app is blocked by the OWASP Modsecurity Core Rules (https://github.com/coreruleset/coreruleset).

        "message": "Remote Command Execution: Direct Unix Command Execution",
        "details": {
          "match": "Matched \"Operator `Rx' with parameter `(?i)(?:^|b[\\\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?u[\\\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?s[\\\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)? (4180 characters omitted)' against variable `ARGS_NAMES:lastCommonReadId' (Value: `lastCommonReadId' )",
          "reference": "o0,8v49,16",
          "ruleId": "932260",
          "file": "/etc/modsecurity.d/REQUEST-932-APPLICATION-ATTACK-RCE.conf",
          "lineNumber": "519",
          "data": "Matched Data: lastComm found within ARGS_NAMES:lastCommonReadId: lastCommonReadId",
          "severity": "2",
          "ver": "OWASP_CRS/4.10.0",
          "rev": "",
          "tags": [
            "application-multi",
            "language-shell",
            "platform-unix",
            "attack-rce",
            "paranoia-level/1",
            "OWASP_CRS",
            "capec/1000/152/248/88",
            "PCI/6.5.2"
          ],
          "maturity": "0",
          "accuracy": "0"
        }
      }

Expected behaviour

Not sure if this is a bug, but it will surely affect others, and maybe changes can be made so it doesn't trigger those rules.

Actual behaviour

In the web browser, everything works just fine, so it's surely possible to access Nextcloud Talk so it doesn't sound all alarms. If you feel the app is just exactly what it should be doing, then kindly move it to feature requests.

Device brand and model

Irrelevant

Android version

11

Nextcloud Talk app version

Newest from Google Play

Nextcloud server version

No response

Talk version

No response

Custom Signaling server configured

None

Custom TURN server configured

None

Custom STUN server configured

None

Android logs

No response

Server log

Additional information

No response

@GutHib GutHib added 0. Needs triage bug Something isn't working labels Mar 6, 2025
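As an added example, not from the reporter or from the Nextcloud Talk or CRS projects: a small Python helper for triaging a false positive like the one above. It parses a libmodsecurity JSON audit-log message, pulls out the rule id, the variable the rule fired on and the matched fragment, and emits the narrowest CRS exclusion (keep rule 932260, stop it inspecting just that one variable). The sample message is constructed from the fields in the report with the long regex abbreviated, and the audit-log layout `transaction.messages` is assumed.

```python
import json
import re

# Constructed sample: one entry from the "messages" array of a libmodsecurity (v3)
# JSON audit log, built from the fields in the report above; the long rule
# regex inside "match" is abbreviated to "(...)".
SAMPLE_MESSAGE = {
    "message": "Remote Command Execution: Direct Unix Command Execution",
    "details": {
        "match": "Matched \"Operator `Rx' with parameter `(?i)(...)' "
                 "against variable `ARGS_NAMES:lastCommonReadId' "
                 "(Value: `lastCommonReadId' )",
        "ruleId": "932260",
        "file": "/etc/modsecurity.d/REQUEST-932-APPLICATION-ATTACK-RCE.conf",
        "data": "Matched Data: lastComm found within "
                "ARGS_NAMES:lastCommonReadId: lastCommonReadId",
        "ver": "OWASP_CRS/4.10.0",
    },
}

# The variable name is only recorded inside the free-text "match" string.
VAR_RE = re.compile(r"against variable `([^']+)'")
DATA_RE = re.compile(r"^Matched Data: (.*?) found within ")


def summarize(msg):
    """Return (rule_id, variable, matched_fragment) for one audit-log message."""
    details = msg["details"]
    var = VAR_RE.search(details.get("match", ""))
    frag = DATA_RE.match(details.get("data", ""))
    return (details["ruleId"],
            var.group(1) if var else None,
            frag.group(1) if frag else None)


def exclusion_directive(rule_id, variable):
    """Narrowest fix for a confirmed false positive: the rule stays active but no
    longer inspects this one variable (no rule removal, no paranoia-level change)."""
    return f'SecRuleUpdateTargetById {rule_id} "!{variable}"'


def exclusions_from_audit_log(text):
    """Parse one JSON audit-log record (assumed layout: transaction.messages)
    and return the de-duplicated exclusion directives it would need."""
    entry = json.loads(text)
    out = set()
    for msg in entry.get("transaction", {}).get("messages", []):
        rule_id, variable, _ = summarize(msg)
        if variable:
            out.add(exclusion_directive(rule_id, variable))
    return sorted(out)
```

The generated directive only takes effect if it is loaded after the CRS rule files, which is what the CRS after-rules exclusion file is for.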