This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Threat ID 30852 and 35107 - HTTP /etc/passwd Access Attempt

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Threat ID 30852 and 35107 - HTTP /etc/passwd Access Attempt

gafrol
L4 Transporter

‎04-09-2014 01:39 AM

Is this a duplicate or does anybody know what the difference between those two Threat ID's is ?

Cheers Roland

0 Likes Likes
6 REPLIES 6

KiCheon.Lee
L4 Transporter

‎07-08-2015 01:20 AM

Did you find it out why there are two threat IDs?

If yes, please let me know it.

Thanks,

KC Lee

0 Likes Likes

mmmccorkle
L4 Transporter

‎07-08-2015 11:57 AM

Hey Gafrol and cheon

They both share the same internal bug ID 45996.

According to the notes, they found three different variations of this vulnerability and split it into three different threat IDs. 30852 35090 and 35107. This was shipped out with content version 337. Yes, the cover the same threat but cover different variations, apparently.

Thanks!

KiCheon.Lee
L4 Transporter
In response to mmmccorkle

‎07-16-2015 11:40 PM

Hello mmmccorkle,

Thanks for your kind answer.

I have a question more deep.

What about below threats?

1) RIG Exploit Kit Detection (36683, 37561)

2) WGeneric.Gen Command and Control Traffic (13621, 14210)

3) Suspicious.Gen Command And Control Traffic (14035, 14137, 14155)

4) ANGLER Exploit Kit Detection (37744, 37796)


These threat-IDs are also same each other.


Thanks,

KC Lee



0 Likes Likes

Aryanto
L1 Bithead
In response to KiCheon.Lee

‎12-31-2022 01:24 AM

What about below threats?

1) RIG Exploit Kit Detection (36683, 37561)

2) WGeneric.Gen Command and Control Traffic (13621, 14210)

3) Suspicious.Gen Command And Control Traffic (14035, 14137, 14155)

4) ANGLER Exploit Kit Detection (37744, 37796)


Do you have any of those Threat ID Guide or Definition, it's will make me easeir to understand the Threat.

0 Likes Likes

BenHA2D
L0 Member

‎01-03-2023 10:26 AM - edited ‎02-19-2023 07:46 AM

Good day, Men! I'm new to the group and I'll be using this thread to keep tabs on any developments about the creation of duplicate Threat IDs; for the life of me, I can't figure out how to get a second Threat ID. @zinitevi

0 Likes Likes

NikhilKulkarni
L0 Member
In response to mmmccorkle

‎11-21-2023 07:57 AM

HI,

I have a query: why was this alert ('HTTP /etc/passwd Access Attempt' generated by PAN NGFW) triggered?

 

0 Likes Likes
  • 8091 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks