403 Forbidden Error When Attempting To Save A BML function Or Util Function
(Doc ID 2893601.1)
Last updated on JANUARY 30, 2023
Applies to:
Oracle BigMachines CPQ Cloud Service - Version 22 B and later
Information in this document applies to any platform.
Symptoms
When attempting to save a BML function or a util function, either a 403 Forbidden error appears on the page or the save of the util function processes endlessly. The modsec_debug_ohs.log shows an error message like the one below:
[localhost/sid#e9fe88][rid#7f89f4027cd0][/admin/configuration/rules/edit_config_editor.jsp][1] Access denied with code 403 (phase 2). Pattern match "\\< ?script\\b" at ARGS:config_xml. [file "/bigmac/Oracle/Middleware/latest/user_projects/domains/bm_flmcdev_node1/config/fmwconfig/components/OHS/instances/cpqOHS/modsecurity/modsecurity_crs_41_xss_attacks.conf"] [line "191"] [id "958051"] [rev "2"]
[msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: <script found within ARGS:config_xml: <?xml version=\x221.0\x22 encoding=\x22utf-8\x22?><configuration> <user_info> <session_id>null</session_id> <user_id>null</user_id> <user_organization>null</user_organization> </user_info> <configureresponse> <item> <segment>xxx</segment> <product_line>xxxx</product_line> <model>xxxx</model> </item> <price_book> <variable_name>_default_price_book</variable_name> <partner_price_book_id/> </price_book> <attributes> <attribute _variablename=\x2..."]
[severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [t
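To confirm which ModSecurity rule and which request argument produced the 403, the entry above can be broken into its fields. The following is an added example, not part of the Oracle document: the function names `parse_modsec_line` and `blocked_requests` are hypothetical, and the sample is the entry shown above with its `[data ...]` field left out and the truncated tail kept.

```python
import re
from collections import Counter

# Entry from the Symptoms section, with the [data "..."] field omitted.
SAMPLE = (
    r'[localhost/sid#e9fe88][rid#7f89f4027cd0]'
    r'[/admin/configuration/rules/edit_config_editor.jsp][1] Access denied with '
    r'code 403 (phase 2). Pattern match "\\< ?script\\b" at ARGS:config_xml. '
    r'[file "/bigmac/Oracle/Middleware/latest/user_projects/domains/'
    r'bm_flmcdev_node1/config/fmwconfig/components/OHS/instances/cpqOHS/'
    r'modsecurity/modsecurity_crs_41_xss_attacks.conf"] [line "191"] '
    r'[id "958051"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] '
    r'[severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] '
    r'[tag "WASCTC/WASC-8"] [t'
)

# [host/sid#..][rid#..][uri][debug level]; search() tolerates a timestamp prefix.
HEADER = re.compile(r'\[(?P<host>[^/\]]+)/sid#(?P<sid>[^\]]+)\]\[rid#(?P<rid>[^\]]+)\]'
                    r'\[(?P<uri>[^\]]*)\]\[(?P<level>\d+)\]')
# Disruptive action, then the operator and the variable it matched in.
ACTION = re.compile(r'Access denied with code (?P<status>\d{3}) \(phase (?P<phase>\d)\)\. '
                    r'(?P<operator>.+?) at (?P<variable>\S+?)\.(?=\s|$)')
# Metadata such as [id "958051"]; values may contain backslash escapes.
FIELD = re.compile(r'\[(?P<key>\w+) "(?P<value>(?:[^"\\]|\\.)*)"\]')

def parse_modsec_line(line):
    """Return the fields of one 'Access denied' message as a dict, or None."""
    head, act = HEADER.search(line), ACTION.search(line)
    if not head or not act:
        return None
    event = {**head.groupdict(), **act.groupdict(), "tags": []}
    for m in FIELD.finditer(line, act.end()):
        if m.group("key") == "tag":
            event["tags"].append(m.group("value"))  # [tag] repeats per entry
        else:
            event[m.group("key")] = m.group("value")
    return event  # a cut-off field such as the trailing "[t" is ignored

def blocked_requests(lines):
    """Count 403 blocks per (URI, rule id, matched variable)."""
    counts = Counter()
    for line in lines:
        ev = parse_modsec_line(line)
        if ev and ev["status"] == "403":
            counts[(ev["uri"], ev.get("id"), ev["variable"])] += 1
    return counts

if __name__ == "__main__":
    for key, n in blocked_requests([SAMPLE]).items():
        print(n, *key)
```
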
Changes
N/A
Cause