Possible false positives - ASP.Net Information Leak Vulnerability

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Possible false positives - ASP.Net Information Leak Vulnerability

L0 Member

Starting on September 4th we've been seeing multiple "ASP.Net Information Leak Vulnerability" warnings in our logs. They are showing as originating from multiple sources within our internal network. Malware scans come up with nothing on these workstations and we haven't made any changes to anything. Is anyone else seeing these?

1 REPLY 1

L5 Sessionator

Hello ,

Microsoft ASP.Net Information Leak brute force Attempt alert Threat Id : 40022 is looking for 40 events of Signature 33435 (

ASP.Net Information Leak Vulnerability) in 30 seconds, which is looking for HTTP 500 and an X-Powered-By: ASP.NET in the response header.

More information is available at :

http://blogs.technet.com/b/srd/archive/2010/09/17/understanding-the-asp-net-vulnerability.aspx

Note : This is often a false positive due to a proxy or misconfigured ASP scripts.

For Future Reference :

To report a false positive ,please open a case with Support providing information listed with following article:

https://live.paloaltonetworks.com/docs/DOC-2769

-Ameya

  • 2303 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!