12-18-2008 12:44 PM - edited 03-10-2019 04:25 AM
I just started receiving this message today whenever a user accesses the DHL website.
199.41.238.32/0 --> 10.30.99.18/0 TCP <P>Microsoft Internet Explorer Method Parameter Validation Vulnerability</P>,NR-7427/0,Time:1229629119,Risk Rating:100,VLAN:0,Action:sd:droppedPacket cid:deniedFlow cid:tcpOneWayResetSent
Is this implying that the DHL-USA website has been compromised by the recent IE vulnerability?
12-26-2008 06:33 AM
Traffic from the web server was hitting the event action override and adding a block. Make an effect action filter that is tuned to remove the block and everything will work.
01-07-2009 02:44 PM
Also been seeing these recently here. The trigger packets on the IPS all appear to be JavaScript related. However, since we can't view the regex in the sig, it's difficult to determine what exactly the sig is firing on.
Masked regexes in the sigs are really a huge pain; it makes determining false positives much more difficult.
03-17-2009 05:19 PM
Could you confirm the Signature ID so that we can look into this further?
07-02-2009 06:15 AM
I too can confirm 7427/0 on DHL sites.
A Cisco Security Center search on the signature still finds that, "There are no known benign triggers."
Can Cisco look into this?