09-14-2012 07:24 AM
Starting on September 4th we've been seeing multiple "ASP.Net Information Leak Vulnerability" warnings in our logs. They are showing as originating from multiple sources within our internal network. Malware scans come up with nothing on these workstations and we haven't made any changes to anything. Is anyone else seeing these?
09-14-2012 01:04 PM
Hello ,
Microsoft ASP.Net Information Leak brute force Attempt alert Threat Id : 40022 is looking for 40 events of Signature 33435 (
ASP.Net Information Leak Vulnerability) in 30 seconds, which is looking for HTTP 500 and an X-Powered-By: ASP.NET in the response header.
More information is available at :
http://blogs.technet.com/b/srd/archive/2010/09/17/understanding-the-asp-net-vulnerability.aspx
Note : This is often a false positive due to a proxy or misconfigured ASP scripts.
For Future Reference :
To report a false positive ,please open a case with Support providing information listed with following article:
https://live.paloaltonetworks.com/docs/DOC-2769
-Ameya
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
