• Alex Angas

    (@arangas)


    Hello,

    Just a heads up that trying to configure the Disqus Settings is causing a 403 error on my web host. The error they’re getting is:

    [Tue Feb 7 18:32:07 2017] [error] [client 1.124.49.126] ModSecurity: Access denied with code 403, [Rule: ‘&SESSION:backend’ ‘!@eq 1’] [id “222214”] [msg “COMODO WAF: CSRF vulnerability in Disqus Comment System plugin before 2.76 for WordPress (CVE-2014-5347)”]

    This is a new install of WordPress and the DCL plugin. I haven’t previously installed the Disqus plugin first and I don’t think my web host has either.

    They have whitelisted the issue but thought you might like to know. I don’t know what check ModSecurity is performing and can’t work out how to determine that.

    Thanks and I’m looking forward to trying out your plugin!

Viewing 1 replies (of 1 total)
  • Plugin Author Joel James

    (@joelcj91)

    Hi @arangas,

    The warning message says a CSRF vulnerability was found in Disqus version 2.76 and above. We are using Disqus version 2.84 in our plugin. This issue was fixed from version 2.76.

  • The topic ‘Triggering CVE-2014-5347 in ModSecurity plugin’ is closed to new replies.