topic Re: Threat ID 30852 and 35107 - HTTP /etc/passwd Access Attempt in General Topics https://live.paloaltonetworks.com/t5/general-topics/threat-id-30852-and-35107-http-etc-passwd-access-attempt/m-p/4701#M3467 <HTML><HEAD></HEAD><BODY><P>Hey Gafrol and <A href="https://live.paloaltonetworks.com/u1/6808">cheon</A></P><P></P><P>They both share the same internal bug ID 45996.</P><P></P><P>According to the notes, they found three different variations of this vulnerability and split it into three different threat IDs. 30852 35090 and 35107. This was shipped out with content version 337. Yes, the cover the same threat but cover different variations, apparently. </P><P></P><P>Thanks!</P></BODY></HTML> Wed, 08 Jul 2015 18:57:52 GMT mmmccorkle 2015-07-08T18:57:52Z Threat ID 30852 and 35107 - HTTP /etc/passwd Access Attempt https://live.paloaltonetworks.com/t5/general-topics/threat-id-30852-and-35107-http-etc-passwd-access-attempt/m-p/4699#M3465 <HTML><HEAD></HEAD><BODY><P>Is this a duplicate or does anybody know what the difference between those two Threat ID's is ?</P><P></P><P>Cheers Roland</P></BODY></HTML> Wed, 09 Apr 2014 08:39:53 GMT https://live.paloaltonetworks.com/t5/general-topics/threat-id-30852-and-35107-http-etc-passwd-access-attempt/m-p/4699#M3465 gafrol 2014-04-09T08:39:53Z Re: Threat ID 30852 and 35107 - HTTP /etc/passwd Access Attempt https://live.paloaltonetworks.com/t5/general-topics/threat-id-30852-and-35107-http-etc-passwd-access-attempt/m-p/4700#M3466 <HTML><HEAD></HEAD><BODY><P>Did you find it out why there are two threat IDs?</P><P>If yes, please let me know it.</P><P></P><P>Thanks,</P><P>KC Lee</P></BODY></HTML> Wed, 08 Jul 2015 08:20:33 GMT https://live.paloaltonetworks.com/t5/general-topics/threat-id-30852-and-35107-http-etc-passwd-access-attempt/m-p/4700#M3466 KiCheon.Lee 2015-07-08T08:20:33Z Re: Threat ID 30852 and 35107 - HTTP /etc/passwd Access Attempt https://live.paloaltonetworks.com/t5/general-topics/threat-id-30852-and-35107-http-etc-passwd-access-attempt/m-p/4701#M3467 <HTML><HEAD></HEAD><BODY><P>Hey Gafrol and <A href="https://live.paloaltonetworks.com/u1/6808">cheon</A></P><P></P><P>They both share the same internal bug ID 45996.</P><P></P><P>According to the notes, they found three different variations of this vulnerability and split it into three different threat IDs. 30852 35090 and 35107. This was shipped out with content version 337. Yes, the cover the same threat but cover different variations, apparently. </P><P></P><P>Thanks!</P></BODY></HTML> Wed, 08 Jul 2015 18:57:52 GMT https://live.paloaltonetworks.com/t5/general-topics/threat-id-30852-and-35107-http-etc-passwd-access-attempt/m-p/4701#M3467 mmmccorkle 2015-07-08T18:57:52Z Re: Threat ID 30852 and 35107 - HTTP /etc/passwd Access Attempt https://live.paloaltonetworks.com/t5/general-topics/threat-id-30852-and-35107-http-etc-passwd-access-attempt/m-p/4702#M3468 <HTML><HEAD></HEAD><BODY><P>Hello mmmccorkle,</P><P></P><P>Thanks for your kind answer.</P><P></P><P>I have a question more deep.</P><P>What about below threats?</P><P></P><P style="font-size: 12pt; font-family: 굴림; color: #222222;"><SPAN lang="EN-US" style="font-size: 10pt; font-family: 돋움;">1) RIG Exploit Kit Detection (36683, 37561)</SPAN></P><P style="font-size: 12pt; font-family: 굴림; color: #222222;"><SPAN lang="EN-US" style="font-size: 10pt; font-family: 돋움;">2) WGeneric.Gen Command and Control Traffic (13621, 14210)</SPAN></P><P style="font-size: 12pt; font-family: 굴림; color: #222222;"><SPAN lang="EN-US" style="font-size: 10pt; font-family: 돋움;">3) Suspicious.Gen Command And Control Traffic (14035, 14137, 14155)</SPAN></P><P style="font-size: 12pt; font-family: 굴림; color: #222222;"><SPAN lang="EN-US" style="font-size: 10pt; font-family: 돋움;">4) ANGLER Exploit Kit Detection (37744, 37796)</SPAN></P><P style="font-size: 12pt; font-family: 굴림; color: #222222;"><SPAN lang="EN-US" style="font-size: 10pt; font-family: 돋움;"><BR /></SPAN></P><P style="font-size: 12pt; font-family: 굴림; color: #222222;"><SPAN lang="EN-US" style="font-size: 10pt; font-family: 돋움;">These threat-IDs are also same each other.</SPAN></P><P style="font-size: 12pt; font-family: 굴림; color: #222222;"><SPAN lang="EN-US" style="font-size: 10pt; font-family: 돋움;"><BR /></SPAN></P><P style="font-size: 12pt; font-family: 굴림; color: #222222;"><SPAN lang="EN-US" style="font-size: 10pt; font-family: 돋움;">Thanks,</SPAN></P><P style="font-size: 12pt; font-family: 굴림; color: #222222;"><SPAN lang="EN-US" style="font-size: 10pt; font-family: 돋움;">KC Lee<BR /></SPAN></P><P style="font-size: 12pt; font-family: 굴림; color: #222222;"><SPAN lang="EN-US" style="font-size: 10pt; font-family: 돋움;"><BR /></SPAN></P><P style="font-size: 12pt; font-family: 굴림; color: #222222;"><SPAN lang="EN-US" style="font-size: 10pt; font-family: 돋움;"><BR /></SPAN></P></BODY></HTML> Fri, 17 Jul 2015 06:40:32 GMT https://live.paloaltonetworks.com/t5/general-topics/threat-id-30852-and-35107-http-etc-passwd-access-attempt/m-p/4702#M3468 KiCheon.Lee 2015-07-17T06:40:32Z Re: Threat ID 30852 and 35107 - HTTP /etc/passwd Access Attempt https://live.paloaltonetworks.com/t5/general-topics/threat-id-30852-and-35107-http-etc-passwd-access-attempt/m-p/525569#M108690 <P>What about below threats?</P> <P><SPAN>1) RIG Exploit Kit Detection (36683, 37561)</SPAN></P> <P><SPAN>2) WGeneric.Gen Command and Control Traffic (13621, 14210)</SPAN></P> <P><SPAN>3) Suspicious.Gen Command And Control Traffic (14035, 14137, 14155)</SPAN></P> <P><SPAN>4) ANGLER Exploit Kit Detection (37744, 37796)</SPAN></P> <P><BR />Do you have any of those&nbsp;<STRONG>Threat ID </STRONG>Guide or Definition, it's will make me easeir to understand the Threat.</P> Sat, 31 Dec 2022 09:24:55 GMT https://live.paloaltonetworks.com/t5/general-topics/threat-id-30852-and-35107-http-etc-passwd-access-attempt/m-p/525569#M108690 Aryanto 2022-12-31T09:24:55Z Re: Threat ID 30852 and 35107 - HTTP /etc/passwd Access Attempt https://live.paloaltonetworks.com/t5/general-topics/threat-id-30852-and-35107-http-etc-passwd-access-attempt/m-p/525721#M108708 <P>Good day, Men! I'm new to the group and I'll be using this thread to keep tabs on any developments about the creation of duplicate Threat IDs; for the life of me, I can't figure out how to get a second Threat ID.&nbsp;@<A href="https://zinitevi.info/" target="_self">zinitevi</A></P> Sun, 19 Feb 2023 15:46:04 GMT https://live.paloaltonetworks.com/t5/general-topics/threat-id-30852-and-35107-http-etc-passwd-access-attempt/m-p/525721#M108708 BenHA2D 2023-02-19T15:46:04Z Re: Threat ID 30852 and 35107 - HTTP /etc/passwd Access Attempt https://live.paloaltonetworks.com/t5/general-topics/threat-id-30852-and-35107-http-etc-passwd-access-attempt/m-p/566530#M114490 <P>HI,</P> <P>I have a query: why was this alert ('HTTP /etc/passwd Access Attempt' generated by PAN NGFW) triggered?</P> <P>&nbsp;</P> Tue, 21 Nov 2023 15:57:56 GMT https://live.paloaltonetworks.com/t5/general-topics/threat-id-30852-and-35107-http-etc-passwd-access-attempt/m-p/566530#M114490 NikhilKulkarni 2023-11-21T15:57:56Z