Apache Tomcat WebSocket Denial-of-Service Vulnerability' generated by NGFW

Announcements

Changes to the LIVEcommunity experience are coming soon... Here's what you need to know.

Reply
KRisselada
L2 Linker

Apache Tomcat WebSocket Denial-of-Service Vulnerability' generated by NGFW

RE: 'Apache Tomcat WebSocket Denial-of-Service Vulnerability' generated by PAN NGFW detected on host foo-wrkXXX involving user foo\User.Name

-- Unique Threat ID: 59026

 

I am wondering if others are seeing this Alert generated due to what appears to be mostly client updates of OneNote (and perhaps other cloud apps). Looking at the threat ID, I see it was released on 13 Aug and as of today, there has not been an update to it.

 

Have a client that since 17 Aug, has generated 54 Incidents in Cortex.  As we do not manage or have access client Panorama to change Profile and perhaps disable this alert for outbound client connectivity, wondering if perhaps others have seen it and have a PCAP sent to PANW so that they can update the signature to be more effective?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!