12-02-2015 03:04 AM
We are seeing a high number of HTTP Non RFC-Compliant Response Found
Signature ID : 32880 CVE-2010-2561
All are logged from aws servers, evenly distributed across a large number of servers - 173 in one hour, each with 300-500 hits. I have packet captured the vulnerability and it is logging a seemingly innocuous XML file.
I suspect this is not a problem, but is something amazon have set up on their servers which is causing false positives against this signature.
the data returned is this:
<? xml version="1.0 "?>
<cross-domain-policy>
<allow-access-from domain="*" to-ports="*" />
</cross-domain-policy>
It's not causing a problem, but it's showing as more than 25% of all my vulnerabilities so it's masking other issues.
Do PAN watch this? If not how do we feed back regarding signatures?
12-02-2015 06:29 AM
Best way I know is open a case requesting a false positive analysis.
Regards,
12-02-2015 06:29 AM
Best way I know is open a case requesting a false positive analysis.
Regards,
12-02-2015 07:06 AM
Thanks, that's what I expected and now having phrased my question correctly, my support partner is doing just that.
Regards
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
