11-15-2019 01:28 AM
Wavelink Emulation License Server HTTP Header Processing Heap Buffer Overflow Vulnerability' generated by PAN NGFW detected on host 10.10.10.1. " Vulnerability Exploit Detection (hostname:8081/)"
We have customer asking what is the traffic pattern that triggers this.
What is the traffic pattern that triggers this alert?
We are trying to narrow down what is causing this alert to occur.
Server is running Microsoft master data services on port 8081.
There is no Wavelink software installed.
Customer Comments: "we are running MS SQL server enterprise (2016) on this server,
The component which is used is Microsoft master data services (MDS), this comes as part of the SQL server installation."
11-15-2019 12:22 PM
Palo Alto Networks does not provide the intellectual property of how their signature are created.
If you feel this is a false positive, please feel free to whitelist this ID number, while opening a ticket with PANW support to determine root cause.
The forum members here would not be able to complete your request for what the pattern would look like.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!