topic 5610-0 false positives in Network Security https://community.cisco.com/t5/network-security/5610-0-false-positives/m-p/489234#M98822 <P>I don't understand why this is firing. It looks like it should only fire if there is a non-numeric value for the query parameter graph_start...which there isn't. Here are the details.</P><P></P><P>Arg Name Regex: [Gg][Rr][Aa][Pp][Hh][_][Ss][Tt][Aa][Rr][Tt][=]</P><P>Arg Value Regex: [^0-9]+</P><P></P><P>And here is the context:</P><P> fromAttacker: </P><P>000000 47 45 54 20 2F 63 61 63 74 69 2F 67 72 61 70 68 GET /cacti/graph</P><P>000010 5F 69 6D 61 67 65 2E 70 68 70 3F 6C 6F 63 61 6C _image.php?local</P><P>000020 5F 67 72 61 70 68 5F 69 64 3D 31 36 31 26 72 72 _graph_id=161&amp;rr</P><P>000030 61 5F 69 64 3D 30 26 67 72 61 70 68 5F 68 65 69 a_id=0&amp;graph_hei</P><P>000040 67 68 74 3D 31 30 30 26 67 72 61 70 68 5F 77 69 ght=100&amp;graph_wi</P><P>000050 64 74 68 3D 33 30 30 26 67 72 61 70 68 5F 6E 6F dth=300&amp;graph_no</P><P>000060 6C 65 67 65 6E 64 3D 74 72 75 65 26 76 69 65 77 legend=true&amp;view</P><P>000070 5F 74 79 70 65 3D 74 72 65 65 26 67 72 61 70 68 _type=tree&amp;graph</P><P>000080 5F 73 74 61 72 74 3D 31 31 33 38 31 33 31 39 39 _start=113813199</P><P>000090 36 26 67 72 61 70 68 5F 65 6E 64 3D 31 31 33 38 6&amp;graph_end=1138</P><P>0000A0 32 31 38 33 39 36 20 48 54 54 50 2F 31 2E 31 0D 218396 HTTP/1.1.</P><P></P><P> riskRatingValue: 65 </P><P> interface: ge0_0 </P><P> protocol: tcp </P><P></P> Sun, 10 Mar 2019 09:51:39 GMT mhellman 2019-03-10T09:51:39Z 5610-0 false positives https://community.cisco.com/t5/network-security/5610-0-false-positives/m-p/489234#M98822 <P>I don't understand why this is firing. It looks like it should only fire if there is a non-numeric value for the query parameter graph_start...which there isn't. Here are the details.</P><P></P><P>Arg Name Regex: [Gg][Rr][Aa][Pp][Hh][_][Ss][Tt][Aa][Rr][Tt][=]</P><P>Arg Value Regex: [^0-9]+</P><P></P><P>And here is the context:</P><P> fromAttacker: </P><P>000000 47 45 54 20 2F 63 61 63 74 69 2F 67 72 61 70 68 GET /cacti/graph</P><P>000010 5F 69 6D 61 67 65 2E 70 68 70 3F 6C 6F 63 61 6C _image.php?local</P><P>000020 5F 67 72 61 70 68 5F 69 64 3D 31 36 31 26 72 72 _graph_id=161&amp;rr</P><P>000030 61 5F 69 64 3D 30 26 67 72 61 70 68 5F 68 65 69 a_id=0&amp;graph_hei</P><P>000040 67 68 74 3D 31 30 30 26 67 72 61 70 68 5F 77 69 ght=100&amp;graph_wi</P><P>000050 64 74 68 3D 33 30 30 26 67 72 61 70 68 5F 6E 6F dth=300&amp;graph_no</P><P>000060 6C 65 67 65 6E 64 3D 74 72 75 65 26 76 69 65 77 legend=true&amp;view</P><P>000070 5F 74 79 70 65 3D 74 72 65 65 26 67 72 61 70 68 _type=tree&amp;graph</P><P>000080 5F 73 74 61 72 74 3D 31 31 33 38 31 33 31 39 39 _start=113813199</P><P>000090 36 26 67 72 61 70 68 5F 65 6E 64 3D 31 31 33 38 6&amp;graph_end=1138</P><P>0000A0 32 31 38 33 39 36 20 48 54 54 50 2F 31 2E 31 0D 218396 HTTP/1.1.</P><P></P><P> riskRatingValue: 65 </P><P> interface: ge0_0 </P><P> protocol: tcp </P><P></P> Sun, 10 Mar 2019 09:51:39 GMT https://community.cisco.com/t5/network-security/5610-0-false-positives/m-p/489234#M98822 mhellman 2019-03-10T09:51:39Z Re: 5610-0 false positives https://community.cisco.com/t5/network-security/5610-0-false-positives/m-p/489235#M98824 <HTML><HEAD></HEAD><BODY><P>Thankyou for bringing this to our attention, it is indeed a false positive. This has been assigned bug id CSCsd16754 and will be addressed in the S215 release.</P></BODY></HTML> Thu, 26 Jan 2006 01:29:57 GMT https://community.cisco.com/t5/network-security/5610-0-false-positives/m-p/489235#M98824 wsulym 2006-01-26T01:29:57Z