Traffic pattern of threat ID 38643

JuusoMartin — Fri, 15 Nov 2019 09:28:56 GMT

Wavelink Emulation License Server HTTP Header Processing Heap Buffer Overflow Vulnerability' generated by PAN NGFW detected on host 10.10.10.1. " Vulnerability Exploit Detection (hostname:8081/)"

We have customer asking what is the traffic pattern that triggers this.
What is the traffic pattern that triggers this alert?
We are trying to narrow down what is causing this alert to occur.
Server is running Microsoft master data services on port 8081.
There is no Wavelink software installed.

Customer Comments: "we are running MS SQL server enterprise (2016) on this server,
The component which is used is Microsoft master data services (MDS), this comes as part of the SQL server installation."

Re: Traffic pattern of threat ID 38643

S.Cantwell — Fri, 15 Nov 2019 20:22:51 GMT

Palo Alto Networks does not provide the intellectual property of how their signature are created.

If you feel this is a false positive, please feel free to whitelist this ID number, while opening a ticket with PANW support to determine root cause.

The forum members here would not be able to complete your request for what the pattern would look like.

topic Re: Traffic pattern of threat ID 38643 in General Topics

Traffic pattern of threat ID 38643

Re: Traffic pattern of threat ID 38643