Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
MattDunn
Advisor

IPS Protection advice

Jump to solution

My customer's latest pen test report flags two issues.  They've asked whether their IPS can protect against these.  I've searched everything I can think of and can't find anything that seems relevant.

I've had similar questions in the past and raised SR's to ask.  I'm pretty much always told they can't help because there is no CVE ref number.  Useful 😶.  So this time I thought I'd ask here first as I pretty much already know what TAC will say.

Has anyone got any thoughts on how CP would protect against these?  IPS or otherwise...  This is the only info given to me at this point.

  • CGI Generic Path Traversal (write test)  -  References XREF OWASP:OWASP-AZ-001
  • CGI Generic XML Injection  -  References XREF OWASP:OWASP-DV-008 XREF CWE:91 XREF CWE:713 XREF CWE:722 XREF CWE:727 XREF CWE:810 XREF CWE:928 XREF CWE:929
0 Kudos
1 Solution

Accepted Solutions
Mario_Zuker
Employee
Employee

OWASP-AZ-001: should be blocked by core protection “Directory Traversal”

OWASP-DV-008  CGI Generic XML Injection:  should be handled by “Multiple Products XML System External Entity Information Disclosure” https://www.checkpoint.com/defense/advisories/public/2014/cpai-16-jun1.html/

 

View solution in original post

0 Kudos
3 Replies
PhoneBoy
Admin
Admin

Pretty sure path traversal is one of our standard IPS signatures.
Not sure about the XML injection thing, will ask.

Mario_Zuker
Employee
Employee

OWASP-AZ-001: should be blocked by core protection “Directory Traversal”

OWASP-DV-008  CGI Generic XML Injection:  should be handled by “Multiple Products XML System External Entity Information Disclosure” https://www.checkpoint.com/defense/advisories/public/2014/cpai-16-jun1.html/

 

View solution in original post

0 Kudos
MattDunn
Advisor

Perfect, thanks!

0 Kudos