AWS Servers trigger Vulnerability

Reply
Highlighted
L3 Networker

AWS Servers trigger Vulnerability

We are seeing a high number of HTTP Non RFC-Compliant Response Found

Signature ID : 32880  CVE-2010-2561

 

All are logged from aws servers, evenly distributed across a large number of servers - 173 in one hour, each with 300-500 hits.  I have packet captured the vulnerability and it is logging a seemingly innocuous XML file.

 

I suspect this is not a problem, but is something amazon have set up on their servers which is causing false positives against this signature.

 

the data returned is this:

<? xml version="1.0 "?>

<cross-domain-policy>

<allow-access-from domain="*" to-ports="*" />

</cross-domain-policy>

 

It's not causing a problem, but it's showing as more than 25% of all my vulnerabilities so it's masking other issues.


Do PAN watch this?  If not how do we feed back regarding signatures?


Accepted Solutions
Highlighted
L4 Transporter

Best way I know is open a case requesting a false positive analysis.

 

Regards,

View solution in original post


All Replies
Highlighted
L4 Transporter

Best way I know is open a case requesting a false positive analysis.

 

Regards,

View solution in original post

L3 Networker

Thanks, that's what I expected and now having phrased my question correctly, my support partner is doing just that.

 

Regards

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!