1 Reply Latest reply on Apr 27, 2017 5:03 AM by Ankit Gupta
    mfelton Explorer

    Thingworx alongside an enterprise class IPS system faults

    Hi all,

    Previously I had raised an issue here, "Composer loading forever", which was never resolved. Recently, after some investigating from my IT team, they have said this:


    Tracked this down, it looks like the server application is ropy and makes illegal calls, this is being blocked by our IPS, see below.

     

    This works OK on Edge but not on IE, Chrome or Firefox, which means that the page is served differently according to the web browser in use.

     

    While these rules can be ignored it doesn’t resolve the root cause, which is that the application is operating outside of what is good practice and really needs to be correctly addressed. 

    You would be well placed to raise this as an issue; any other provider who uses this in conjunction with an enterprise class IPS system will have the same issue if using one of the affected web browsers. We are seeing this more and more as we start to place scrutiny on the data streams, that some vendors are operating outside of what is acceptable and can be used to escalate privilege if crafted correctly. I bet the vendor is blissfully unaware of this issue!



    2017:04:27-09:10:48 stopsvrutm01-1 snort[18512]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="BROWSER-IE Microsoft Internet Explorer long URL buffer overflow attempt" group="320" srcip="10.46.250.22" dstip="10.148.27.35" proto="6" srcport="80" dstport="17379" sid="17494" class="Attempted User Privilege Gain" priority="1" generator="1" msgid="0"

    2017:04:27-09:10:50 stopsvrutm01-1 snort[18512]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="BROWSER-IE Microsoft Internet Explorer create-add range on DOM objects memory corruption attempt" group="320" srcip="10.46.250.22" dstip="10.148.27.35" proto="6" srcport="80" dstport="17379" sid="26852" class="Attempted User Privilege Gain" priority="1" generator="1" msgid="0"

     

    Just wanted to highlight this to PTC so they can perhaps implement a fix into 7.5?
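For anyone triaging alerts like the two quoted above, the following is an added example (not part of the original post and not PTC or IPS vendor code) that parses the `key="value"` alert lines and groups them by `sid`, showing which rule only alerts, which one drops traffic, and in which direction the flagged packets travelled. The function names are hypothetical, and treating ports 80/443 as the web-server side of the connection is an assumption.

```python
import re

# The two alert lines quoted in the post, copied verbatim.
SAMPLE = '''\
2017:04:27-09:10:48 stopsvrutm01-1 snort[18512]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="BROWSER-IE Microsoft Internet Explorer long URL buffer overflow attempt" group="320" srcip="10.46.250.22" dstip="10.148.27.35" proto="6" srcport="80" dstport="17379" sid="17494" class="Attempted User Privilege Gain" priority="1" generator="1" msgid="0"
2017:04:27-09:10:50 stopsvrutm01-1 snort[18512]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="BROWSER-IE Microsoft Internet Explorer create-add range on DOM objects memory corruption attempt" group="320" srcip="10.46.250.22" dstip="10.148.27.35" proto="6" srcport="80" dstport="17379" sid="26852" class="Attempted User Privilege Gain" priority="1" generator="1" msgid="0"
'''

HEADER = re.compile(r'^(?P<ts>\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<proc>[\w-]+)\[(?P<pid>\d+)\]: ')
PAIR = re.compile(r'(\w+)="([^"]*)"')
REQUIRED = {"sub", "sid", "action", "reason", "srcip", "dstip", "srcport", "dstport"}
WEB_PORTS = {"80", "443"}  # assumption: the web server listens on a default HTTP(S) port

def parse_line(line):
    """Return one alert as a dict, or None if the line is not in this format."""
    line = line.strip()
    m = HEADER.match(line)
    if not m:
        return None
    event = m.groupdict()
    event.update(PAIR.findall(line[m.end():]))
    return event

def direction(ev):
    """Classify the flagged packet by which side used a web-server port."""
    if ev["srcport"] in WEB_PORTS:
        return "server->client"
    if ev["dstport"] in WEB_PORTS:
        return "client->server"
    return "unknown"

def summarise(lines):
    """Group IPS events by rule sid: hit count, actions taken, affected flows."""
    rules = {}
    for ev in filter(None, map(parse_line, lines)):
        if not REQUIRED <= ev.keys() or ev["sub"] != "ips":
            continue  # skip non-IPS or incomplete records
        r = rules.setdefault(ev["sid"], {"reason": ev["reason"], "count": 0,
                                         "actions": set(), "flows": set()})
        r["count"] += 1
        r["actions"].add(ev["action"])
        r["flows"].add((ev["srcip"], ev["dstip"], direction(ev)))
    return rules

def blocking_sids(rules):
    """Rules that dropped traffic; these are the ones that can break a page load."""
    return sorted(sid for sid, r in rules.items() if "drop" in r["actions"])

if __name__ == "__main__":
    for sid, r in summarise(SAMPLE.splitlines()).items():
        print(sid, sorted(r["actions"]), sorted(r["flows"]), r["reason"])
```
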