https://live.paloaltonetworks.com/t5/advanced-threat-prevention/apache-tomcat-websocket-denial-of-service-vulnerability/m-p/433258#M1314 <P><U><FONT color="#333333">An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the request object was not reset between requests.</FONT></U></P><P>&nbsp;</P><P><FONT color="#333333"><A href="https://apps.apple.com/us/app/dinar-guru-top-dinar-recaps/id1581089419" target="_self"><FONT color="#333333">Dinar Guru</FONT></A></FONT></P> Sat, 11 Sep 2021 09:06:34 GMT Gregg65 2021-09-11T09:06:34Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/apache-tomcat-websocket-denial-of-service-vulnerability/m-p/353103#M959 <P>RE:&nbsp;<SPAN>'Apache Tomcat WebSocket Denial-of-Service Vulnerability' generated by PAN NGFW detected on host foo-wrkXXX involving user foo\User.Name</SPAN></P><P><SPAN>-- Unique Threat ID: 59026</SPAN></P><P>&nbsp;</P><P><SPAN>I am wondering if others are seeing this Alert generated due to what appears to be mostly client updates of OneNote (and perhaps other cloud apps). Looking at the threat ID, I see it was released on 13 Aug and as of today, there has not been an update to it.</SPAN></P><P>&nbsp;</P><P>Have a client that since 17 Aug, has generated 54 Incidents in Cortex. &nbsp;As we do not manage or have access client Panorama to change Profile and perhaps disable this alert for outbound client connectivity, wondering if perhaps others have seen it and have a PCAP sent to PANW so that they can update the signature to be more effective?</P> Wed, 30 Sep 2020 19:18:33 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/apache-tomcat-websocket-denial-of-service-vulnerability/m-p/353103#M959 KRisselada 2020-09-30T19:18:33Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/apache-tomcat-websocket-denial-of-service-vulnerability/m-p/401554#M1131 <P>We are also seeing this error tied to M365. Client reports that they have issues logging in and updating OneNote.</P> Fri, 23 Apr 2021 17:32:47 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/apache-tomcat-websocket-denial-of-service-vulnerability/m-p/401554#M1131 GFrostad 2021-04-23T17:32:47Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/apache-tomcat-websocket-denial-of-service-vulnerability/m-p/423334#M1259 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/136463">@KRisselada</a>&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/123343">@GFrostad</a>,</P><P>&nbsp;</P><P>Did you ever find a resolution to this issue?</P><P>&nbsp;</P><P>I have a client that seems to be experiencing the same issue, when redistributing note's in One Note on MAC iOS Mojave. Client advised they updated a machine to iOS Vigsur and the issue was fixed on that machine. Windows 10 machine seem to be unaffected.&nbsp;</P> Fri, 30 Jul 2021 05:35:37 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/apache-tomcat-websocket-denial-of-service-vulnerability/m-p/423334#M1259 Ben-Price 2021-07-30T05:35:37Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/apache-tomcat-websocket-denial-of-service-vulnerability/m-p/430410#M1293 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/181759">@Ben-Price</a>&nbsp;sorry just realizing this was asked.&nbsp; Actually we applied a Incident Exception, so we stopped having it generated for what appears to be "normal" behaivor.</P> Tue, 31 Aug 2021 13:28:54 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/apache-tomcat-websocket-denial-of-service-vulnerability/m-p/430410#M1293 KRisselada 2021-08-31T13:28:54Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/apache-tomcat-websocket-denial-of-service-vulnerability/m-p/430622#M1294 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/166820">@KRisselada</a>&nbsp;Thanks for the feedback.&nbsp;</P> Tue, 31 Aug 2021 23:06:31 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/apache-tomcat-websocket-denial-of-service-vulnerability/m-p/430622#M1294 Ben-Price 2021-08-31T23:06:31Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/apache-tomcat-websocket-denial-of-service-vulnerability/m-p/433258#M1314 <P><U><FONT color="#333333">An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the request object was not reset between requests.</FONT></U></P><P>&nbsp;</P><P><FONT color="#333333"><A href="https://apps.apple.com/us/app/dinar-guru-top-dinar-recaps/id1581089419" target="_self"><FONT color="#333333">Dinar Guru</FONT></A></FONT></P> Sat, 11 Sep 2021 09:06:34 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/apache-tomcat-websocket-denial-of-service-vulnerability/m-p/433258#M1314 Gregg65 2021-09-11T09:06:34Z