Traffic pattern of threat ID 38643


L0 Member

'Wavelink Emulation License Server HTTP Header Processing Heap Buffer Overflow Vulnerability' generated by PAN NGFW detected on host 10.10.10.1. "Vulnerability Exploit Detection (hostname:8081/)"

We have a customer asking what traffic pattern triggers this.
What is the traffic pattern that triggers this alert?
We are trying to narrow down what is causing this alert to occur.
The server is running Microsoft Master Data Services on port 8081.
There is no Wavelink software installed.

Customer Comments: "we are running MS SQL server enterprise (2016) on this server,
The component which is used is Microsoft master data services (MDS), this comes as part of the SQL server installation."

1 REPLY

Cyber Elite

Palo Alto Networks does not provide the intellectual property of how their signatures are created.

If you feel this is a false positive, please feel free to whitelist this ID number, while opening a ticket with PANW support to determine root cause.

The forum members here would not be able to complete your request for what the pattern would look like.
