Nextcloud version : 20.0.5
Operating system and version: Ubuntu 18.04.4 LTS
Apache or nginx version (eg, Apache 2.4.25): Apache 2 (unsure of full version)
PHP version: PHP 7.4.11
The issue you are facing:
I’m running a small (3 user) instance on Dreamhost. Starting some time yesterday I stopped being able to sync calendars or contacts at all. I was running 19.0.4.2 but my first troubleshooting step was to upgrade to 20.0.5
-
When Dav5x (Android) tries to sync, I see “HTTP 500 Internal Server Error” for each calendar and deck that is syncing. The full debug log is below.
-
Running vdirsyncer sync from my laptop I get the same:
error: Unknown error occured for cards/contacts: 500 Server Error: Internal Server Error for url: https://example.com/nextcloud/remote.php/carddav/addressbooks/amanda/contacts/
Is this the first time you’ve seen this error? (Y/N): Y
When I visit index.php/settings/admin/overview I see an error about my web dav interface:
Your web server is not yet properly set up to allow file synchronization, because the WebDAV interface seems to be broken.
This is the Debug info from Android:
--- BEGIN DEBUG INFO ---
SYNCHRONIZATION INFO
Account: Account {name=phone+user@example.com, type=bitfire.at.davdroid}
Authority: com.android.calendar
EXCEPTION
at.bitfire.dav4jvm.exception.HttpException: HTTP 500 Internal Server Error
at at.bitfire.dav4jvm.DavResource.checkStatus(DavResource.kt:5)
at at.bitfire.dav4jvm.DavResource.checkStatus(DavResource.kt:3)
at at.bitfire.dav4jvm.DavResource.processMultiStatus(DavResource.kt:1)
at at.bitfire.dav4jvm.DavResource.propfind(DavResource.kt:11)
at at.bitfire.davdroid.syncadapter.CalendarSyncManager$queryCapabilities$1.invoke(CalendarSyncManager.kt:3)
at at.bitfire.davdroid.syncadapter.CalendarSyncManager$queryCapabilities$1.invoke(CalendarSyncManager.kt:1)
at at.bitfire.davdroid.syncadapter.SyncManager.remoteExceptionContext(SyncManager.kt:1)
at at.bitfire.davdroid.syncadapter.SyncManager.remoteExceptionContext(SyncManager.kt:8)
at at.bitfire.davdroid.syncadapter.CalendarSyncManager.queryCapabilities(CalendarSyncManager.kt:1)
at at.bitfire.davdroid.syncadapter.SyncManager$performSync$1.invoke(SyncManager.kt:6)
at at.bitfire.davdroid.syncadapter.SyncManager$performSync$1.invoke(SyncManager.kt:1)
at at.bitfire.davdroid.syncadapter.SyncManager.unwrapExceptions(SyncManager.kt:1)
at at.bitfire.davdroid.syncadapter.SyncManager.performSync(SyncManager.kt:5)
at at.bitfire.davdroid.syncadapter.CalendarsSyncAdapterService$CalendarsSyncAdapter.sync(CalendarsSyncAdapterService.kt:14)
at at.bitfire.davdroid.syncadapter.SyncAdapterService$SyncAdapter.onPerformSync(SyncAdapterService.kt:13)
at android.content.AbstractThreadedSyncAdapter$SyncThread.run(AbstractThreadedSyncAdapter.java:334)
HTTP REQUEST
Request{method=PROPFIND, url=http://example.com/nextcloud/remote.php/dav/calendars/amanda/contact_birthdays/, headers=[Depth:0, Accept-Encoding:br,gzip]}
<?xml version='1.0' encoding='UTF-8' ?><propfind xmlns="DAV:" xmlns:CAL="urn:ietf:params:xml:ns:caldav" xmlns:CARD="urn:ietf:params:xml:ns:carddav"><prop><supported-report-set /><n0:getctag xmlns:n0="http://calendarserver.org/ns/" /><sync-token /></prop></propfind>
HTTP RESPONSE
Response{protocol=http/1.1, code=500, message=Internal Server Error, url=http://example.com/nextcloud/remote.php/dav/calendars/amanda/contact_birthdays/}
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>500 Internal Server Error</title>
</head><body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to complete
your request.</p>
<p>Please contact the server administrator at
webmaster@example.com to inform them of the time this error occurred,
and the actions you performed just before this error.</p>
<p>More information about this error may be available
in the server error log.</p>
</body></html>
REMOTE RESOURCE
http://example.com/nextcloud/remote.php/dav/calendars/amanda/contact_birthdays/
SOFTWARE INFORMATION
┌───────────────────────────────────┬────────────────────────────────────┬────────────┬─────────────────────────────────────┬───────┐
│ Package │ Version │ Code │ Installer │ Notes │
├───────────────────────────────────┼────────────────────────────────────┼────────────┼─────────────────────────────────────┼───────┤
│ at.bitfire.davdroid │ 3.3.7-ose │ 303070006 │ com.google.android.packageinstaller │ │
│ org.dmfs.tasks │ 1.2.4 │ 78500 │ com.google.android.packageinstaller │ │
│ com.android.providers.contacts │ 10 │ 29 │ — │ │
│ com.android.providers.calendar │ 10 │ 29 │ — │ │
│ com.google.android.contacts │ 3.36.3.346104542 │ 2505256 │ com.android.vending │ │
│ com.google.android.calendar │ 2020.48.5-347345946-release │ 2016847058 │ com.android.vending │ │
│ com.google.android.apps.messaging │ 7.0.039 (Groot_RC09.phone_dynamic) │ 70039000 │ com.android.vending │ │
└───────────────────────────────────┴────────────────────────────────────┴────────────┴─────────────────────────────────────┴───────┘
SYSTEM INFORMATION
Android version: 10 (QPMS30.80-63-6-8-3)
Device: motorola moto g power (sofia)
Locale(s): [en_US]
CONNECTVITY
☒ [ Transports: WIFI Capabilities: NOT_METERED INTERNET NOT_RESTRICTED TRUSTED NOT_VPN VALIDATED NOT_ROAMING FOREGROUND NOT_CONGESTED NOT_SUSPENDED LinkUpBandwidth>=1048576Kbps LinkDnBandwidth>=1048576Kbps SignalStrength: -69]
☐ [ Transports: CELLULAR Capabilities: IMS NOT_METERED TRUSTED NOT_VPN VALIDATED NOT_ROAMING FOREGROUND NOT_CONGESTED NOT_SUSPENDED LinkUpBandwidth>=14Kbps LinkDnBandwidth>=14Kbps Specifier: <1>]
Data saver: disabled
CONFIGURATION
Power saving disabled: yes
System-wide synchronization: automatically
Notifications:
- sync isBlocked=false
* syncProblems: importance=3
* syncIoErrors: importance=1
* syncWarnings: importance=2
- general: importance=3
- debug: importance=4
Permissions:
- ACCESS_NETWORK_STATE: granted
- ACCESS_WIFI_STATE: granted
- INTERNET: granted
- READ_SYNC_SETTINGS: granted
- READ_SYNC_STATS: granted
- WRITE_SYNC_SETTINGS: granted
- RECEIVE_BOOT_COMPLETED: granted
- REQUEST_IGNORE_BATTERY_OPTIMIZATIONS: granted
- READ_CONTACTS: granted
- WRITE_CONTACTS: granted
- READ_CALENDAR: granted
- WRITE_CALENDAR: granted
- ACCESS_COARSE_LOCATION: denied
- ACCESS_FINE_LOCATION: denied
- ACCESS_BACKGROUND_LOCATION: denied
- org.dmfs.permission.READ_TASKS: granted
- org.dmfs.permission.WRITE_TASKS: granted
- org.tasks.permission.READ_TASKS: denied
- org.tasks.permission.WRITE_TASKS: denied
ACCOUNTS
- Account: phone+user@example.com
┌──────────────────────────────────┬────────────┬──────────────────────┬───────────────┐
│ Authority │ isSyncable │ getSyncAutomatically │ Sync interval │
├──────────────────────────────────┼────────────┼──────────────────────┼───────────────┤
│ at.bitfire.davdroid.addressbooks │ 1 │ true │ 240 min │
│ com.android.calendar │ 1 │ true │ 240 min │
│ com.android.contacts │ 0 │ false │ — │
│ org.dmfs.tasks │ 1 │ true │ 240 min │
└──────────────────────────────────┴────────────┴──────────────────────┴───────────────┘
WiFi only: false
Contact group method: GROUP_VCARDS
Time range (past days): 90
Default alarm (min before): null
Manage calendar colors: true
Use event colors: false
* Address book: Contacts (phone+user@example.com zg)
┌────────────┬──────────────────────┬───────────────┐
│ isSyncable │ getSyncAutomatically │ Sync interval │
├────────────┼──────────────────────┼───────────────┤
│ 1 │ true │ 1440 min │
└────────────┴──────────────────────┴───────────────┘
URL: http://example.com/nextcloud/remote.php/dav/addressbooks/users/amanda/contacts/
Read-only: 0
DATABASE DUMP
android_metadata
┌────────┐
│ locale │
├────────┤
│ en_US │
└────────┘
service
┌────┬───────────────────────────────┬─────────┬────────────────────────────────────────────────────────────────────────────┐
│ id │ accountName │ type │ principal │
├────┼───────────────────────────────┼─────────┼────────────────────────────────────────────────────────────────────────────┤
│ 1 │ phone+user@example.com │ carddav │ http://example.com/nextcloud/remote.php/dav/principals/users/amanda/ │
│ 2 │ phone+user@example.com │ caldav │ http://example.com/nextcloud/remote.php/dav/principals/users/amanda/ │
└────┴───────────────────────────────┴─────────┴────────────────────────────────────────────────────────────────────────────┘
sqlite_sequence
┌────────────┬─────┐
│ name │ seq │
├────────────┼─────┤
│ service │ 2 │
│ homeset │ 2 │
│ collection │ 15 │
└────────────┴─────┘
homeset
┌────┬───────────┬──────────────────────────────────────────────────────────────────────────────┬──────────┬─────────────┬──────────┐
│ id │ serviceId │ url │ privBind │ displayName │ personal │
├────┼───────────┼──────────────────────────────────────────────────────────────────────────────┼──────────┼─────────────┼──────────┤
│ 1 │ 2 │ http://example.com/nextcloud/remote.php/dav/calendars/amanda/ │ 1 │ — │ 1 │
│ 2 │ 1 │ http://example.com/nextcloud/remote.php/dav/addressbooks/users/amanda/ │ 1 │ — │ 1 │
└────┴───────────┴──────────────────────────────────────────────────────────────────────────────┴──────────┴─────────────┴──────────┘
collection
┌────┬───────────┬──────────────┬───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┬──────────────────┬────────────┬───────────────┬───────────────────────┬─────────────────────┬───────────┬──────────┬────────────────┬───────────────┬──────────────────┬────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┬──────┬───────────┬───────┐
│ id │ serviceId │ type │ url │ privWriteContent │ privUnbind │ forceReadOnly │ displayName │ description │ color │ timezone │ supportsVEVENT │ supportsVTODO │ supportsVJOURNAL │ source │ sync │ homeSetId │ owner │
├────┼───────────┼──────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┼──────────────────┼────────────┼───────────────┼───────────────────────┼─────────────────────┼───────────┼──────────┼────────────────┼───────────────┼──────────────────┼────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┼──────┼───────────┼───────┤ │ 2 │ 2 │ CALENDAR │ http://example.com/nextcloud/remote.php/dav/calendars/amanda/birthdays/ │ 1 │ 1 │ 0 │ Repeating Birthdays │ Repeating Birthdays │ -13083 │ — │ 1 │ 1 │ 0 │ — │ 1 │ — │ — │
│ 3 │ 2 │ CALENDAR │ http://example.com/nextcloud/remote.php/dav/calendars/amanda/contact_birthdays/ │ 0 │ 0 │ 0 │ Contact birthdays │ — │ -54 │ — │ 1 │ 0 │ 0 │ — │ 1 │ — │ — │
│ 11 │ 1 │ ADDRESS_BOOK │ http://example.com/nextcloud/remote.php/dav/addressbooks/users/amanda/contacts/ │ 1 │ 1 │ 0 │ Contacts │ — │ — │ — │ — │ — │ — │ — │ 1 │ — │ — │
│ 12 │ 1 │ ADDRESS_BOOK │ http://example.com/nextcloud/remote.php/dav/addressbooks/users/amanda/z-app-generated--contactsinteraction--recent/ │ 0 │ 0 │ 0 │ Recently contacted │ — │ — │ — │ — │ — │ — │ — │ 0 │ — │ — │
└────┴───────────┴──────────────┴───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┴──────────────────┴────────────┴───────────────┴───────────────────────┴─────────────────────┴───────────┴──────────┴────────────────┴───────────────┴──────────────────┴────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┴──────┴───────────┴───────┘
room_master_table
┌────┬──────────────────────────────────┐
│ id │ identity_hash │
├────┼──────────────────────────────────┤
│ 42 │ b8699ef3cc4c62e8851df4360fb69e00 │
└────┴──────────────────────────────────┘
APP SETTINGS
1. SharedPreferencesProvider canWrite=true
┌────────────────────────┬───────────────┐
│ Setting │ Value │
├────────────────────────┼───────────────┤
│ distrust_system_certs │ false │
│ override_proxy │ false │
│ override_proxy_host │ localhost │
│ override_proxy_port │ 8118 │
│ time_nextDonationPopup │ 1612245082349 │
└────────────────────────┴───────────────┘
2. DefaultsProvider canWrite=false
┌───────────────────────┬───────────┐
│ Setting │ Value │
├───────────────────────┼───────────┤
│ distrust_system_certs │ false │
│ override_proxy │ false │
│ override_proxy_host │ localhost │
│ override_proxy_port │ 8118 │
└───────────────────────┴───────────┘
--- END DEBUG INFO ---
The output of your Nextcloud log in Admin > Logging:
I see a lot of this in my log:
{"reqId":"YAEhyEBFSb8aUXyV6fxZ2wAAAB0","level":3,"time":"2021-01-15T05:02:03+00:00","remoteAddr":"135.180.116.193","user":"amanda","app":"PHP","method":"GET","url":"/nextcloud/index.php/css/user_status/3acc-3385-user-status-menu.css?v=cb0ff4e8f32a364b3dcc4891c6494dc2-a844998a-2","message":"preg_replace(): Allocation of JIT memory failed, PCRE JIT will be disabled. This is likely caused by security restrictions. Either grant PHP permission to allocate executable memory, or set pcre.jit=0 at /home/abh/example/nextcloud/lib/private/DB/AdapterSqlite.php#46","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:84.0) Gecko/20100101 Firefox/84.0","version":"20.0.5.2","id":"60012bed12405"}
The output of your config.php file in /path/to/nextcloud
(make sure you remove any identifiable information!):
<?php
$CONFIG = array (
'instanceid' => 'occ7c1677a99',
'passwordsalt' => 'redacted',
'trusted_domains' =>
array (
0 => 'example.com',
1 => 'www.example.com',
),
'datadirectory' => '/home/abh/nextcloud/data',
'overwrite.cli.url' => 'https://example.com/nextcloud',
'dbtype' => 'sqlite3',
'version' => '20.0.5.2',
'installed' => true,
'theme' => '',
'maintenance' => false,
'secret' => 'redacted',
'mail_smtpmode' => 'smtp',
'mail_smtpsecure' => 'tls',
'mail_from_address' => 'nextcloud',
'mail_domain' => 'example.com',
'mail_smtpauthtype' => 'PLAIN',
'mail_smtphost' => 'mail.example.com',
'mail_smtpauth' => 1,
'mail_smtpport' => '587',
'mail_smtpname' => 'also_redacted',
'mail_smtppassword' => 'redacted',
'loglevel' => 2,
'trashbin_retention_obligation' => 'auto',
'defaultapp' => 'calendar',
'session_lifetime' => 86400,
'updater.release.channel' => 'stable',
);
The output of your Apache/nginx/system log in /var/log/____
:
[Thu Jan 14 21:47:32.343591 2021] [:error] [pid 13247:tid 3486615607040] [client 135.180.116.193:42503] [client 135.180.116.193] ModSecurity: Warning. detected XSS using libinjection. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "55"] [id "941100"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: XSS data found within ARGS_NAMES:<?xml version: <?xml version"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "example.com"] [uri "/nextcloud/remote.php/dav/calendars/otheruser/redacted_shared_by_username/"] [unique_id "YAEsdDmxZCNLFTiSxu1n6gAAAAM"]
[Thu Jan 14 21:47:32.343754 2021] [:error] [pid 13247:tid 3486615607040] [client 135.180.116.193:42503] [client 135.180.116.193] ModSecurity: Warning. detected XSS using libinjection. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "55"] [id "941100"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: XSS data found within ARGS:<?xml version: '1.0' encoding='UTF-8' ?><propfind xmlns=\\x22DAV:\\x22 xmlns:CAL=\\x22urn:ietf:params:xml:ns:caldav\\x22 xmlns:CARD=\\x22urn:ietf:params:xml:ns:carddav\\x22><prop><n0:getctag xmlns:n0=\\x22http://calendarserver.org/ns/\\x22 /><sync-token /></prop></propfind>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "example.com"] [uri "/nextcloud/remote.php/dav/calendars/otheruser/redacted_shared_by_username/"] [unique_id "YAEsdDmxZCNLFTiSxu1n6gAAAAM"]
[Thu Jan 14 21:47:32.344057 2021] [:error] [pid 13247:tid 3486615607040] [client 135.180.116.193:42503] [client 135.180.116.193] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S](?:!ENTITY\\\\s+(?:\\\\S+|%\\\\s+\\\\S+)\\\\s+(?:PUBLIC|SYSTEM)|x(?:link:href|html|mlns)|data:text/html|pattern\\\\b.*?=|formaction|\\\\@import|;base64)\\\\b" at ARGS:<?xml version. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "144"] [id "941130"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: xmlns found within ARGS:<?xml version: '1.0' encoding='UTF-8' ?><propfind xmlns=\\x22DAV:\\x22 xmlns:CAL=\\x22urn:ietf:params:xml:ns:caldav\\x22 xmlns:CARD=\\x22urn:ietf:params:xml:ns:carddav\\x22><prop><n0:getctag xmlns:n0=\\x22http://calendarserver.org/ns/\\x22 /><sync-token /></prop></propfind>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "example.com"] [uri "/nextcloud/remote.php/dav/calendars/otheruser/redacted_shared_by_username/"] [unique_id "YAEsdDmxZCNLFTiSxu1n6gAAAAM"]
[Thu Jan 14 21:47:32.346512 2021] [:error] [pid 13247:tid 3486615607040] [client 135.180.116.193:42503] [client 135.180.116.193] ModSecurity: Access denied with code 418 (phase 2). Operator GE matched 7 at TX:anomaly_score. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "150"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "example.com"] [uri "/nextcloud/remote.php/dav/calendars/otheruser/redacted_shared_by_username/"] [unique_id "YAEsdDmxZCNLFTiSxu1n6gAAAAM"]
[Thu Jan 14 21:47:32.347383 2021] [:error] [pid 13247:tid 3485835720448] [client 135.180.116.193:42503] [client 135.180.116.193] ModSecurity: Warning. Operator GE matched 7 at TX:inbound_anomaly_score. [file "/dh/apache2/template/etc/mod_sec3_CRS/RESPONSE-980-CORRELATION.conf"] [line "87"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=15,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.0"] [tag "event-correlation"] [hostname "example.com"] [uri "/nextcloud/remote.php/dav/calendars/otheruser/redacted_shared_by_username/"] [unique_id "YAEsdDmxZCNLFTiSxu1n6gAAAAM"]
[Thu Jan 14 21:47:32.806808 2021] [:error] [pid 13247:tid 3486615607040] [client 135.180.116.193:42505] [client 135.180.116.193] ModSecurity: Warning. detected XSS using libinjection. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "55"] [id "941100"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: XSS data found within ARGS_NAMES:<?xml version: <?xml version"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "example.com"] [uri "/nextcloud/remote.php/dav/calendars/otheruser/app-generated--deck--board-3/"] [unique_id "YAEsdDmxZCNLFTiSxu1n6wAAAAM"]
[Thu Jan 14 21:47:32.807000 2021] [:error] [pid 13247:tid 3486615607040] [client 135.180.116.193:42505] [client 135.180.116.193] ModSecurity: Warning. detected XSS using libinjection. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "55"] [id "941100"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: XSS data found within ARGS:<?xml version: '1.0' encoding='UTF-8' ?><propfind xmlns=\\x22DAV:\\x22 xmlns:CAL=\\x22urn:ietf:params:xml:ns:caldav\\x22 xmlns:CARD=\\x22urn:ietf:params:xml:ns:carddav\\x22><prop><n0:getctag xmlns:n0=\\x22http://calendarserver.org/ns/\\x22 /><sync-token /></prop></propfind>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "example.com"] [uri "/nextcloud/remote.php/dav/calendars/otheruser/app-generated--deck--board-3/"] [unique_id "YAEsdDmxZCNLFTiSxu1n6wAAAAM"]
[Thu Jan 14 21:47:32.807306 2021] [:error] [pid 13247:tid 3486615607040] [client 135.180.116.193:42505] [client 135.180.116.193] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S](?:!ENTITY\\\\s+(?:\\\\S+|%\\\\s+\\\\S+)\\\\s+(?:PUBLIC|SYSTEM)|x(?:link:href|html|mlns)|data:text/html|pattern\\\\b.*?=|formaction|\\\\@import|;base64)\\\\b" at ARGS:<?xml version. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "144"] [id "941130"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: xmlns found within ARGS:<?xml version: '1.0' encoding='UTF-8' ?><propfind xmlns=\\x22DAV:\\x22 xmlns:CAL=\\x22urn:ietf:params:xml:ns:caldav\\x22 xmlns:CARD=\\x22urn:ietf:params:xml:ns:carddav\\x22><prop><n0:getctag xmlns:n0=\\x22http://calendarserver.org/ns/\\x22 /><sync-token /></prop></propfind>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "example.com"] [uri "/nextcloud/remote.php/dav/calendars/otheruser/app-generated--deck--board-3/"] [unique_id "YAEsdDmxZCNLFTiSxu1n6wAAAAM"]
[Thu Jan 14 21:47:32.809765 2021] [:error] [pid 13247:tid 3486615607040] [client 135.180.116.193:42505] [client 135.180.116.193] ModSecurity: Access denied with code 418 (phase 2). Operator GE matched 7 at TX:anomaly_score. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "150"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "example.com"] [uri "/nextcloud/remote.php/dav/calendars/otheruser/app-generated--deck--board-3/"] [unique_id "YAEsdDmxZCNLFTiSxu1n6wAAAAM"]
[Thu Jan 14 21:47:32.810833 2021] [:error] [pid 13247:tid 3485827327744] [client 135.180.116.193:42505] [client 135.180.116.193] ModSecurity: Warning. Operator GE matched 7 at TX:inbound_anomaly_score. [file "/dh/apache2/template/etc/mod_sec3_CRS/RESPONSE-980-CORRELATION.conf"] [line "87"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=15,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.0"] [tag "event-correlation"] [hostname "example.com"] [uri "/nextcloud/remote.php/dav/calendars/otheruser/app-generated--deck--board-3/"] [unique_id "YAEsdDmxZCNLFTiSxu1n6wAAAAM"]