Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
772
Views
0
Helpful
3
Replies

Sig5813 Vector Markup Language Vulnerability - False Positives?

enelson
Level 1
Level 1

‎09-29-2006 02:39 PM - edited ‎03-10-2019 03:15 AM

Seeing alot of activity with regard to this new vulnerability. The sensor is denying packets. The html is usually in the "Context" of the packet. Has anyone seen false positives for this signature?

<html xmlns:v="urn:schemas-microsoft-com:vm

Labels:
0 Helpful
3 Replies 3

jlimbo
Level 1
Level 1

‎09-29-2006 05:35 PM

Just to confirm is this subsig 5813-0? Or another subsignature.

Would you be able to provide the triggering packet through a produce verbose alert or even better a traffic sample?

0 Helpful

enelson
Level 1
Level 1
In response to jlimbo

‎09-30-2006 06:01 AM

Over 2200 alerts since the signature was intruduced.

These are ALL subsig 0.

We use Security Monitor to display our events.

Will Verbose alerts show in Secmon under ALERT DETAILS after enabled for this signature? (evIdsalert)

0 Helpful

mkirbyii
Level 1
Level 1
In response to enelson

‎09-30-2006 01:04 PM

There is a bug in Ciscoworks VMS Security Monitor, Secmon will always display subsig 0. The bug does not show the proper subsig. To determine the correct subsig you will need to obtain the event from the sensor itself using "show events" command.

M

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card