This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Nagesh_Aithal
Explorer
‎2019-11-03 10:58 PM

SQL Servers SQL Injection Evasion Techniques

Hi,

 

We have received a below signature triggered in our environment.

 

Can anyone suggest the cause for this?

 

Resource:                 http://<URL>
Product Family:         Network
Time:                         13:34:38
Source Port:               64698
Date:                         29Oct2019
Type:                         Log
Interface:                   xxx
Service:                     http (80)
Origin:                       FW
Action:                       Detect
Number:                    11299748
Source:                     x.x.x.x
Protocol:                   tcp
Reject ID:                   5db7cf6d-44-3016e0a-c0000000
Information:               Update Version: 635197066
Rule UID:                  
Destination:               x.x.x.x
Rule:                         xxxx
Rule Name:               xxxxxx
Attack Information:     SQL Servers SQL Injection Evasion Techniques
Attack:                       Application Intelligence
IPS Profile:                xxxxx
Product:                     IPS Software Blade
Performance Impact: Medium
Protection Name:       SQL Servers SQL Injection Evasion Techniques
Protection ID:             asm_dynamic_prop_SQL_INJECT_EVS_A
Confidence Level:     High
Severity:                   Critical
Protection Type:       Signature
Industry Reference:   None
Proxied Source IP:     
Client Type:               Chrome
Policy Info:                 Policy Name: Policy1
                                  Created at: Thu Oct 24 16:45:50 2019
                                  Installed from: Management

 

 

Regards,

Santhosh

0 Kudos
1 Reply
PhoneBoy
Admin
Admin
‎2019-11-06 12:07 AM

If you've got packet captures enabled for this signature and submit them to TAC, we should be able to confirm why it is triggering.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events