I have a moodle instalation.So I login as admin and when I try to access the users profile,I have an access forbiden page.I can do “edit” the users
I saw the log files, at plesk, that write this,what is wrong?
ModSecurity: Access denied with code 403 (phase 4). Match of “rx <spanclass=\“badge\\-name\”>[a-z0-9\\.'\\!\\:\\-]+<\\/a><\\/li>” against “RESPONSE_BODY” required. [file “/etc/httpd/conf/modsecurity.d/rules/comodo/32_Apps_OtherApps.conf”] [line “1089”] [id “240210”] [rev “1”] [msg “COMODO WAF: Multiple XSS vulnerabilities in Moodle 2.5.x before 2.5.7, 2.6.x before 2.6.4 (CVE-2014-3547)||mysite.com|F”] [hostname “mysite.com”] [uri “/dc4ac/user/profile.php”] [unique_id “V-TcNbUY-z2QZ23F9cczFAAAAHg”]
Your server has ModSecurity loaded and it believes it has detected a threat. You may need to disable the rule that is causing the problem.
I don’t know Moodle but are you running the latest version? The error message seems to suggest to me that the problem wouldn’t occur with version 2.6.4 or later.
This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.