Sid 1-44353

Message

FILE-OTHER WSDL soap endpoint location code injection attempt

Summary

This event is generated when a code injection exploit attempt is seen in a WSDL SOAP endpoint location.

Impact

Attempted User Privilege Gain

CVE-2017-8759:

CVSS base score 7.8

CVSS impact score 5.9

CVSS exploitability score 1.8

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Detailed information

CVE-2017-8759: Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."

Affected systems

  • microsoft .net_framework 2.0
  • microsoft .net_framework 3.5
  • microsoft .net_framework 3.5.1
  • microsoft .net_framework 4.5.2
  • microsoft .net_framework 4.6
  • microsoft .net_framework 4.6.1
  • microsoft .net_framework 4.6.2
  • microsoft .net_framework 4.7

Ease of attack

CVE-2017-8759:

Access Vector

Access Complexity

Authentication

False positives

None Known

False negatives

None Known

Corrective action

Contributors

  • Cisco's Talos Intelligence Group

Additional References

  • portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8759