False positive with antivirus accessing to forum
One customer is having the following false positive with the antivirus accesing the forum. The antivirus is Zyxel
2011-10-31:Obfuscated JavaScript excessive fromCharCode attack
Policy ID:
8009477
Policy Type:
Web Attacks
Attack Name:
Obfuscated JavaScript excessive fromCharCode attack
Attack Impact:
Remote Code Execution.
Attack Description:
The JavaScript attack would cause arbitrary code execution.
False Positive:
None known
False Negative:
None known
Recommendation Action:
Apply the appropriate vendor supplied patches
Reference:
url,www.cs.ucsb.edu/~marco/blog/2008/10/dom-based-obfuscation-in-malicious-javascript.html
Severity:
Medium
OS:
ALL;
Support Model:
ZyWALL 5/35/70/IDP 10
ZyWALL USG Series/ZyWALL 1050
First Signature Release:
ZLD:V2.326
Latest Modified Signature:
ZyNOS:V4.027
2011-10-31:Obfuscated JavaScript excessive fromCharCode attack
Policy ID:
8009477
Policy Type:
Web Attacks
Attack Name:
Obfuscated JavaScript excessive fromCharCode attack
Attack Impact:
Remote Code Execution.
Attack Description:
The JavaScript attack would cause arbitrary code execution.
False Positive:
None known
False Negative:
None known
Recommendation Action:
Apply the appropriate vendor supplied patches
Reference:
url,www.cs.ucsb.edu/~marco/blog/2008/10/dom-based-obfuscation-in-malicious-javascript.html
Severity:
Medium
OS:
ALL;
Support Model:
ZyWALL 5/35/70/IDP 10
ZyWALL USG Series/ZyWALL 1050
First Signature Release:
ZLD:V2.326
Latest Modified Signature:
ZyNOS:V4.027
Do you have any update on this issue?
Thanks and regards!