Threat ID 30852 and 35107 - HTTP /etc/passwd Access Attempt

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Threat ID 30852 and 35107 - HTTP /etc/passwd Access Attempt

L4 Transporter

Is this a duplicate or does anybody know what the difference between those two Threat ID's is ?

Cheers Roland

6 REPLIES 6

L4 Transporter

Did you find it out why there are two threat IDs?

If yes, please let me know it.

Thanks,

KC Lee

L4 Transporter

Hey Gafrol and cheon

They both share the same internal bug ID 45996.

According to the notes, they found three different variations of this vulnerability and split it into three different threat IDs. 30852 35090 and 35107. This was shipped out with content version 337. Yes, the cover the same threat but cover different variations, apparently.

Thanks!

Hello mmmccorkle,

Thanks for your kind answer.

I have a question more deep.

What about below threats?

1) RIG Exploit Kit Detection (36683, 37561)

2) WGeneric.Gen Command and Control Traffic (13621, 14210)

3) Suspicious.Gen Command And Control Traffic (14035, 14137, 14155)

4) ANGLER Exploit Kit Detection (37744, 37796)


These threat-IDs are also same each other.


Thanks,

KC Lee



What about below threats?

1) RIG Exploit Kit Detection (36683, 37561)

2) WGeneric.Gen Command and Control Traffic (13621, 14210)

3) Suspicious.Gen Command And Control Traffic (14035, 14137, 14155)

4) ANGLER Exploit Kit Detection (37744, 37796)


Do you have any of those Threat ID Guide or Definition, it's will make me easeir to understand the Threat.

L0 Member

Good day, Men! I'm new to the group and I'll be using this thread to keep tabs on any developments about the creation of duplicate Threat IDs; for the life of me, I can't figure out how to get a second Threat ID. @zinitevi

HI,

I have a query: why was this alert ('HTTP /etc/passwd Access Attempt' generated by PAN NGFW) triggered?

 

  • 9243 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!