Kaseya affected by intrusion prevention rule

Big D · 07-15-2011, 01:35 PM

Disabling this rule.

#8734: WEB-PHP Pajax arbitrary command execution attempt.

Issue described by other engineers is slow access and timeout issues when accessing Kaseya and navigating the menu options. (machine agent connections to the server don't appear affected)

Believe another post mentioned this rule affecting some webmail portals and web interfaces as well.

sky-knight · 07-15-2011, 02:18 PM

I've had a programmer buddy of mine (RegEx makes my head hurt) look at the regex that is in that rule.

It seems to me to be a bit over broad. A lot like the SOCK5 rule in the protocol control module.

I think Dirk mentioned in a future release that rule was going to default to pass, to prevent these issues.

07-15-2011, 01:35 PM	#1 (permalink)
Big D Master Untangler Join Date: Nov 2008 Posts: 691	Kaseya affected by intrusion prevention rule Disabling this rule. #8734: WEB-PHP Pajax arbitrary command execution attempt. Issue described by other engineers is slow access and timeout issues when accessing Kaseya and navigating the menu options. (machine agent connections to the server don't appear affected) Believe another post mentioned this rule affecting some webmail portals and web interfaces as well. __________________ The beatings shall continue until morale improves!

07-15-2011, 02:18 PM	#2 (permalink)
sky-knight Join Date: Apr 2008 Location: Phoenix, AZ URLs submitted: 8 Posts: 15,457	I've had a programmer buddy of mine (RegEx makes my head hurt) look at the regex that is in that rule. It seems to me to be a bit over broad. A lot like the SOCK5 rule in the protocol control module. I think Dirk mentioned in a future release that rule was going to default to pass, to prevent these issues. __________________ Rob Sandling, BS:SWE, MCP Intouch Technology Phone: 480-272-9889 rob@intouchtechllc.com UntangleAppliances.com Phone: 866-794-8879

Protect

Filter

Perform

Connect

Manage

Add-Ons