
Thingworx alongside an enterprise class IPS system faults

mfelton
12-Amethyst


Hi all,

Previously I had raised an issue here, "Composer loading forever", which was never resolved. Recently, after some investigating, my IT team have said this:


Tracked this down, it looks like the server application is ropy and makes illegal calls, this is being blocked by our IPS, see below.

This works OK on Edge but not on IE, Chrome or Firefox, which means that the page is served differently according to the web browser in use.

While these rules can be ignored it doesn’t resolve the root cause, which is that the application is operating outside of what is good practice and really needs to be correctly addressed. 

You would be well placed to raise this as an issue; any other provider who uses this in conjunction with an enterprise class IPS system will have the same issue if using one of the affected web browsers. We are seeing this more and more as we start to place scrutiny on the data streams: some vendors are operating outside of what is acceptable, and this can be used to escalate privilege if crafted correctly. I bet the vendor is blissfully unaware of this issue!



2017:04:27-09:10:48 stopsvrutm01-1 snort[18512]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="BROWSER-IE Microsoft Internet Explorer long URL buffer overflow attempt" group="320" srcip="10.46.250.22" dstip="10.148.27.35" proto="6" srcport="80" dstport="17379" sid="17494" class="Attempted User Privilege Gain" priority="1" generator="1" msgid="0"

2017:04:27-09:10:50 stopsvrutm01-1 snort[18512]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="BROWSER-IE Microsoft Internet Explorer create-add range on DOM objects memory corruption attempt" group="320" srcip="10.46.250.22" dstip="10.148.27.35" proto="6" srcport="80" dstport="17379" sid="26852" class="Attempted User Privilege Gain" priority="1" generator="1" msgid="0"

Just wanted to highlight this to PTC so they can perhaps implement a fix into 7.5?
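The two alert lines quoted in the post can be triaged field by field. The following is an added example, not part of the original post or of PTC's code: it parses the lines, separates the signature that only alerts from the one that drops traffic, and labels flow direction from the port numbers (source port 80 indicates a server response travelling to the browser). The function names and the `WEB_PORTS` set are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Sample input: the two alert lines quoted in the post, copied verbatim.
SAMPLE_LOG = r'''
2017:04:27-09:10:48 stopsvrutm01-1 snort[18512]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="BROWSER-IE Microsoft Internet Explorer long URL buffer overflow attempt" group="320" srcip="10.46.250.22" dstip="10.148.27.35" proto="6" srcport="80" dstport="17379" sid="17494" class="Attempted User Privilege Gain" priority="1" generator="1" msgid="0"
2017:04:27-09:10:50 stopsvrutm01-1 snort[18512]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="BROWSER-IE Microsoft Internet Explorer create-add range on DOM objects memory corruption attempt" group="320" srcip="10.46.250.22" dstip="10.148.27.35" proto="6" srcport="80" dstport="17379" sid="26852" class="Attempted User Privilege Gain" priority="1" generator="1" msgid="0"
'''
HEADER = re.compile(r'^(?P<ts>\S+)\s+(?P<host>\S+)\s+snort\[\d+\]:\s+(?P<body>.*)$')
FIELD = re.compile(r'(\w+)="([^"]*)"')
WEB_PORTS = {"80", "443", "8080", "8443"}  # assumption: ports treated as the web-server side

def parse_alert(line):
    """Return a dict of key="value" fields for one alert line, or None if it is not one."""
    m = HEADER.match(line.strip())
    if not m or 'sid="' not in line:
        return None
    rec = dict(FIELD.findall(m.group("body")))
    rec["ts"] = m.group("ts")
    # A web port on the source side means a server response heading to the browser.
    if rec.get("srcport") in WEB_PORTS:
        rec["direction"] = "server->client"
    else:
        rec["direction"] = "client->server" if rec.get("dstport") in WEB_PORTS else "unknown"
    return rec

def summarize(log_text):
    """Group alerts by Snort SID, keeping reason, actions, flows and a hit count."""
    by_sid = defaultdict(lambda: {"reason": "", "actions": set(), "flows": set(), "count": 0})
    for line in log_text.splitlines():
        rec = parse_alert(line)
        if rec is None:
            continue
        entry = by_sid[rec["sid"]]
        entry["reason"] = rec.get("reason", "")
        entry["actions"].add(rec.get("action", ""))
        entry["flows"].add((rec.get("srcip"), rec.get("dstip"), rec["direction"]))
        entry["count"] += 1
    return dict(by_sid)

def blocking_sids(summary):
    """SIDs with a 'drop' action: the rules that actually interrupt the page load."""
    return sorted(sid for sid, e in summary.items() if "drop" in e["actions"])

if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for sid, e in s.items():
        print(sid, sorted(e["actions"]), e["reason"], sorted(e["flows"]))
    print("dropping:", blocking_sids(s))
```

Run over a longer export of the same log, the per-SID summary gives the rule IDs and flow details a vendor support case would need.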

1 REPLY
ankigupta
12-Amethyst
(To:mfelton)

Matthew Felton​,

Could you please open a case with PTC support so that they can gather the requisite details and open a Jira with the R&D team?
