Hi everyone. We have recently updated one of our network sensors with X-Press Update 20.11, which has a signature for the recently discovered WebDAV IIS issue. However, recent possible attacks involving this event have been triggering others as well, such as Unicode_Wide_Encoding, Bad_Hex_Code and Name_Very_Long. The facts that these three ALWAYS happen when a WebDAV_Long_Rqst_BO happens, and precisely at the same time and count, appeared odd to me.
Has anyone seen such cases too? Is that the desired behavior? If so, what is the point of having multiple events triggered by a single, specific attack? TIA, Daniel Fonseca TI - SSO :: System Security Office ATL - Algar Telecom Leste Tel.: +55 21 2528-9993 Cel.: +55 21 9427-9323 _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
