Did IDP detects PHP version on webserver ?



  • Hello,
    We have IDP250 managed by NSM.

    Recently, we add an exempt rule cause “HTTP: PHP php_quot_print_encode Heap Buffer Overflow” block all websites using this function.
    What about websites using unaffected PHP version ? (Versions prior to PHP 5.4.16 and 5.3.26 are vulnerable.)

    In the same way, IDP block “POP3: Buffer Overflow Username” traffic, but mail server don’t use “DeleGate” nor “Hexamail”

    I think IDP is blocking legitim traffic.
    What can i do for this ?

    Thanks.
    BR,


 

19
Online

38.4k
Users

12.7k
Topics

44.5k
Posts