topic Threat ID 58644 false positives in Advanced Threat Prevention Discussions https://live.paloaltonetworks.com/t5/advanced-threat-prevention/threat-id-58644-false-positives/m-p/424978#M1262 <P>For the past couple weeks we have seen apparent false alerts for Threat ID 58644. The Threat Vault references that this ID is for detection of a PHP shell injection vulnerability in RiteCMS, CVE-202-23934, which was first released 7/28/2020 and last updated 7/20/2021. Since 7/21 we have had repeated alerts under this Threat ID for images and video at Giphy.com, specifically for files giphy.gif, giphy-preview.gif, giphy_s.gif, and giphy.mp4. These are from URLs like:</P><P><A href="https://live.paloaltonetworks.com/" target="_blank">&nbsp; https://media1.giphy.com/media/&lt;alphanum&gt;/giphy.gif?cid=&lt;alphanum&gt;&amp;rid=giphy.gif&amp;ct=g</A></P><P>&nbsp;</P><P>All have scanned as benign and appear to be GIFs inserted into chats and discussions from various sources. Is anyone else seeing this and can confirm?</P> Thu, 05 Aug 2021 22:00:48 GMT Adrian_Jensen 2021-08-05T22:00:48Z Threat ID 58644 false positives https://live.paloaltonetworks.com/t5/advanced-threat-prevention/threat-id-58644-false-positives/m-p/424978#M1262 <P>For the past couple weeks we have seen apparent false alerts for Threat ID 58644. The Threat Vault references that this ID is for detection of a PHP shell injection vulnerability in RiteCMS, CVE-202-23934, which was first released 7/28/2020 and last updated 7/20/2021. Since 7/21 we have had repeated alerts under this Threat ID for images and video at Giphy.com, specifically for files giphy.gif, giphy-preview.gif, giphy_s.gif, and giphy.mp4. These are from URLs like:</P><P><A href="https://live.paloaltonetworks.com/" target="_blank">&nbsp; https://media1.giphy.com/media/&lt;alphanum&gt;/giphy.gif?cid=&lt;alphanum&gt;&amp;rid=giphy.gif&amp;ct=g</A></P><P>&nbsp;</P><P>All have scanned as benign and appear to be GIFs inserted into chats and discussions from various sources. Is anyone else seeing this and can confirm?</P> Thu, 05 Aug 2021 22:00:48 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/threat-id-58644-false-positives/m-p/424978#M1262 Adrian_Jensen 2021-08-05T22:00:48Z