Hi Pierre,
Am 07.11.18 um 14:26 schrieb Pierre TEISSONNIERE:
Package: monitoring-plugins-basic
Version: 2.2-3
Severity: normal
Dear Maintainer,
* What led up to the situation ? Using check_http with POST data
* What exactly did you do (or not do) that was effective (or ineffective) ?
check_http is used with POST data to check a web application is answerng
properly
* What was the outcome of this action ? Extra CRLF triggering alarm in WAF
because not complying to RFC
* What outcome did you expect instead ? Packet not blocked by WAF
This is a known bug which could lead to security issues (disabled WAF checks to
allow requests). cf :
https://github.com/nagios-plugins/nagios-plugins/issues/266
I published a new package 2.3.2-1 (to unstable) which tries to solve the
issue. Can you please test it?
Thanks Jan
--
Never write mail to <w...@spamfalle.info>, you have been warned!
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GIT d-@ s+:()>- a+ C++++$ UL++++$ P+ L++++$ !E--- W+++$ N+++ o++ K++
!w---? O M+
!V- PS+ PE Y++ PGP++ t-- 5 X R tv- b+ DI D+ G++ e++ h---- r+++ y+++++
------END GEEK CODE BLOCK------
