Threat ID 30852 and 35107 - HTTP /etc/passwd Access Attempt

Showing results for 
Search instead for 
Did you mean: 

Threat ID 30852 and 35107 - HTTP /etc/passwd Access Attempt

L4 Transporter

Is this a duplicate or does anybody know what the difference between those two Threat ID's is ?

Cheers Roland


L4 Transporter

Did you find it out why there are two threat IDs?

If yes, please let me know it.


KC Lee

L4 Transporter

Hey Gafrol and cheon

They both share the same internal bug ID 45996.

According to the notes, they found three different variations of this vulnerability and split it into three different threat IDs. 30852 35090 and 35107. This was shipped out with content version 337. Yes, the cover the same threat but cover different variations, apparently.


Hello mmmccorkle,

Thanks for your kind answer.

I have a question more deep.

What about below threats?

1) RIG Exploit Kit Detection (36683, 37561)

2) WGeneric.Gen Command and Control Traffic (13621, 14210)

3) Suspicious.Gen Command And Control Traffic (14035, 14137, 14155)

4) ANGLER Exploit Kit Detection (37744, 37796)

These threat-IDs are also same each other.


KC Lee

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!