Threat ID 30852 and 35107 - HTTP /etc/passwd Access Attempt


Is this a duplicate, or does anybody know what the difference between those two Threat IDs is?

Cheers, Roland


Re: Threat ID 30852 and 35107 - HTTP /etc/passwd Access Attempt

Did you find out why there are two threat IDs?

If yes, please let me know.

Thanks,

KC Lee


Re: Threat ID 30852 and 35107 - HTTP /etc/passwd Access Attempt

Hey Gafrol and cheon

They both share the same internal bug ID 45996.

According to the notes, they found three different variations of this vulnerability and split it into three different threat IDs: 30852, 35090 and 35107. This was shipped out with content version 337. Yes, they cover the same threat but cover different variations, apparently.

Thanks!


Re: Threat ID 30852 and 35107 - HTTP /etc/passwd Access Attempt

Hello mmmccorkle,

Thanks for your kind answer.

I have a deeper question.

What about the threats below?

1) RIG Exploit Kit Detection (36683, 37561)

2) WGeneric.Gen Command and Control Traffic (13621, 14210)

3) Suspicious.Gen Command And Control Traffic (14035, 14137, 14155)

4) ANGLER Exploit Kit Detection (37744, 37796)


These threat IDs are also the same as each other.


Thanks,

KC Lee


