Traffic pattern of threat ID 38643


'Wavelink Emulation License Server HTTP Header Processing Heap Buffer Overflow Vulnerability' generated by PAN NGFW detected on host 10.10.10.1. "Vulnerability Exploit Detection (hostname:8081/)"

We have a customer asking what the traffic pattern is that triggers this.
What is the traffic pattern that triggers this alert?
We are trying to narrow down what is causing this alert to occur.
The server is running Microsoft Master Data Services on port 8081.
There is no Wavelink software installed.

Customer comments: "We are running MS SQL Server Enterprise (2016) on this server.
The component which is used is Microsoft Master Data Services (MDS); this comes as part of the SQL Server installation."


Re: Traffic pattern of threat ID 38643

Palo Alto Networks does not provide the intellectual property of how their signatures are created.


If you feel this is a false positive, please feel free to whitelist this ID number, while opening a ticket with PANW support to determine root cause.

 

The forum members here would not be able to complete your request for what the pattern would look like.