Intrusion Prevention Alert

2019/05/03 06:01:21

I received the following alert on my FortiGate. How do I tell that this was dropped, or whether there is still something else I need to do on my FortiGate?
The following intrusion was observed: Apache.Tomcat.Arbitrary.JSP.file.Upload.
date=2019-05-03 time=06:02:20 devname=FGT01 devid=FG101E4Q17000329 logid=0419016384 type=utm subtype=ips eventtype=signature level=alert vd=root severity=high srcip= srccountry="China" srcintf="wan1" dstintf="lan" policyid=7 sessionid=57982235 action=dropped proto=6 service="HTTPS" attack="Apache.Tomcat.Arbitrary.JSP.file.Upload" srcport=31951 dstport=443 hostname="" direction=outgoing attackid=44543 profile="protect_http_server" ref="" incidentserialno=1972817245 msg="web_server: Apache.Tomcat.Arbitrary.JSP.file.Upload," crscore=30 crlevel=high  


    Re: Intrusion Prevention Alert 2019/05/03 06:42:40
    IPS cuts off the session if a pattern matches; that's why it's called "dropped". This one was detected and the connection was dropped after some time/bytes. It wouldn't hurt if you checked your server, though.


    " Kernel panic: Aiee, killing interrupt handler!"
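
Added example (not part of the original thread, and not Fortinet code): a small parser for the key=value IPS log format shown in the question, which reads the `action` field to decide whether the session was blocked and pulls out the fields needed to look up the same request in the server's own logs. The sample lines are constructed from the alert above with a documentation-range source IP, and the action value sets are an assumption to confirm against the log reference for your FortiOS release.

```python
import re

# key=value pairs: a value is either double-quoted (may contain spaces) or bare (may be empty)
_PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

# Assumption: IPS action values as listed in the FortiOS log reference; verify for your release.
BLOCKED = {"dropped", "reset", "reset_client", "reset_server", "drop_session", "clear_session"}
NOT_BLOCKED = {"detected", "pass_session"}  # monitor-only: the traffic reached the server

def parse_kv(line):
    """Turn one FortiGate log line into a dict, keeping empty values such as 'srcip='."""
    fields = {}
    for m in _PAIR.finditer(line):
        fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return fields

def triage(line):
    """Return a verdict for an IPS event, or None if the line is not an IPS log."""
    ev = parse_kv(line)
    if ev.get("type") != "utm" or ev.get("subtype") != "ips":
        return None
    action = ev.get("action", "")
    if action in BLOCKED:
        verdict = "blocked"
    elif action in NOT_BLOCKED:
        verdict = "not blocked"
    else:
        verdict = "unknown"  # unrecognised or missing action: review by hand
    return {
        "verdict": verdict,
        "attack": ev.get("attack", ""),
        "severity": ev.get("severity", ""),
        "policyid": ev.get("policyid", ""),
        # fields for finding the matching request in the web server's access log
        "when": (ev.get("date", "") + " " + ev.get("time", "")).strip(),
        "srcip": ev.get("srcip", ""),
        "dstport": ev.get("dstport", ""),
    }

# Constructed sample lines (based on the alert in the question; srcip is a documentation address)
LINE_DROPPED = ('date=2019-05-03 time=06:02:20 devname=FGT01 type=utm subtype=ips '
                'level=alert severity=high srcip=203.0.113.10 srcintf="wan1" policyid=7 '
                'action=dropped service="HTTPS" attack="Apache.Tomcat.Arbitrary.JSP.file.Upload" '
                'dstport=443 hostname="" attackid=44543 profile="protect_http_server" '
                'msg="web_server: Apache.Tomcat.Arbitrary.JSP.file.Upload," crlevel=high')
LINE_DETECTED = LINE_DROPPED.replace("action=dropped", "action=detected")

if __name__ == "__main__":
    for sample in (LINE_DROPPED, LINE_DETECTED):
        print(triage(sample))
```

A "blocked" verdict covers only the session in which the signature matched, so the `when`, `srcip` and `dstport` fields are returned either way to support the server-side check the reply recommends.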