Apache Tomcat WebSocket Denial-of-Service Vulnerability' generated by NGFW


ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

L2 Linker

Apache Tomcat WebSocket Denial-of-Service Vulnerability' generated by NGFW

RE: 'Apache Tomcat WebSocket Denial-of-Service Vulnerability' generated by PAN NGFW detected on host foo-wrkXXX involving user foo\User.Name

-- Unique Threat ID: 59026


I am wondering if others are seeing this Alert generated due to what appears to be mostly client updates of OneNote (and perhaps other cloud apps). Looking at the threat ID, I see it was released on 13 Aug and as of today, there has not been an update to it.


Have a client that since 17 Aug, has generated 54 Incidents in Cortex.  As we do not manage or have access client Panorama to change Profile and perhaps disable this alert for outbound client connectivity, wondering if perhaps others have seen it and have a PCAP sent to PANW so that they can update the signature to be more effective?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!