Wavelink Emulation License Server HTTP Header Processing Heap Buffer Overflow Vulnerability' generated by PAN NGFW detected on host 10.10.10.1. " Vulnerability Exploit Detection (hostname:8081/)"
We have customer asking what is the traffic pattern that triggers this.
What is the traffic pattern that triggers this alert?
We are trying to narrow down what is causing this alert to occur.
Server is running Microsoft master data services on port 8081.
There is no Wavelink software installed.
Customer Comments: "we are running MS SQL server enterprise (2016) on this server,
The component which is used is Microsoft master data services (MDS), this comes as part of the SQL server installation."
Palo Alto Networks does not provide the intellectual property of how their signature are created.
If you feel this is a false positive, please feel free to whitelist this ID number, while opening a ticket with PANW support to determine root cause.
The forum members here would not be able to complete your request for what the pattern would look like.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The Live Community thanks you for your participation!