AWS Servers trigger Vulnerability

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

AWS Servers trigger Vulnerability

L4 Transporter

We are seeing a high number of HTTP Non RFC-Compliant Response Found

Signature ID : 32880  CVE-2010-2561

 

All are logged from aws servers, evenly distributed across a large number of servers - 173 in one hour, each with 300-500 hits.  I have packet captured the vulnerability and it is logging a seemingly innocuous XML file.

 

I suspect this is not a problem, but is something amazon have set up on their servers which is causing false positives against this signature.

 

the data returned is this:

<? xml version="1.0 "?>

<cross-domain-policy>

<allow-access-from domain="*" to-ports="*" />

</cross-domain-policy>

 

It's not causing a problem, but it's showing as more than 25% of all my vulnerabilities so it's masking other issues.


Do PAN watch this?  If not how do we feed back regarding signatures?

1 accepted solution

Accepted Solutions

L4 Transporter

Best way I know is open a case requesting a false positive analysis.

 

Regards,

View solution in original post

2 REPLIES 2

L4 Transporter

Best way I know is open a case requesting a false positive analysis.

 

Regards,

Thanks, that's what I expected and now having phrased my question correctly, my support partner is doing just that.

 

Regards

  • 1 accepted solution
  • 4126 Views
  • 2 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!