https://live.paloaltonetworks.com/t5/general-topics/possible-false-positives-asp-net-information-leak-vulnerability/m-p/25470#M18571 <HTML><HEAD></HEAD><BODY><P>Starting on September 4th we've been seeing multiple "ASP.Net Information Leak Vulnerability" warnings in our logs. They are showing as originating from multiple sources within our internal network. Malware scans come up with nothing on these workstations and we haven't made any changes to anything. Is anyone else seeing these?</P></BODY></HTML> Fri, 14 Sep 2012 14:24:42 GMT hydraflow 2012-09-14T14:24:42Z https://live.paloaltonetworks.com/t5/general-topics/possible-false-positives-asp-net-information-leak-vulnerability/m-p/25470#M18571 <HTML><HEAD></HEAD><BODY><P>Starting on September 4th we've been seeing multiple "ASP.Net Information Leak Vulnerability" warnings in our logs. They are showing as originating from multiple sources within our internal network. Malware scans come up with nothing on these workstations and we haven't made any changes to anything. Is anyone else seeing these?</P></BODY></HTML> Fri, 14 Sep 2012 14:24:42 GMT https://live.paloaltonetworks.com/t5/general-topics/possible-false-positives-asp-net-information-leak-vulnerability/m-p/25470#M18571 hydraflow 2012-09-14T14:24:42Z https://live.paloaltonetworks.com/t5/general-topics/possible-false-positives-asp-net-information-leak-vulnerability/m-p/25471#M18572 <HTML><HEAD></HEAD><BODY><P>Hello ,</P><P>Microsoft ASP.Net Information Leak brute force Attempt alert Threat Id : 40022 is looking for 40 events of Signature 33435 (</P><P>ASP.Net Information Leak Vulnerability) in 30 seconds, which is looking for HTTP 500 and an X-Powered-By: ASP.NET in the response header.</P><P></P><P>More information is available at :</P><P><A class="jive-link-external-small" href="http://blogs.technet.com/b/srd/archive/2010/09/17/understanding-the-asp-net-vulnerability.aspx">http://blogs.technet.com/b/srd/archive/2010/09/17/understanding-the-asp-net-vulnerability.aspx</A></P><P></P><P><STRONG>Note : This is often a false positive due to a proxy or misconfigured ASP scripts. </STRONG></P><P></P><P>For Future Reference :</P><P></P><P>To report a false positive ,please open a case with Support providing information listed with following article:</P><P><A _jive_internal="true" data-containerid="2027" data-containertype="14" data-objectid="2769" data-objecttype="102" href="https://live.paloaltonetworks.com/docs/DOC-2769">https://live.paloaltonetworks.com/docs/DOC-2769</A></P><P></P><P>-Ameya</P></BODY></HTML> Fri, 14 Sep 2012 20:04:23 GMT https://live.paloaltonetworks.com/t5/general-topics/possible-false-positives-asp-net-information-leak-vulnerability/m-p/25471#M18572 UhMayYeah 2012-09-14T20:04:23Z