HTTP body IPS match on store.gonitro.com site when checking serial number
I just tried to check my Nitro Pro application's availability for upgrade and it fails to check it, getting this error in FSM traffic monitor. I obfuscated my actual serial number.
If I try to go to store.gonitro.com by itself, there is no issue. I cannot check the page source when it fails because it's a blank page.
How can I tell if this is real or a false-positive?
Not so easily, alas.
The provider of the IPS info does not give much here:
http://www.watchguard.com/SecurityPortal/ThreatDetail.aspx?rule_id=1131148&includedIn=Full, Enhanced, Standard
Description: Multiple vulnerabilities were found in several web browsers, which allow remote attackers to execute arbitrary code
Impact: Remote code execution
Recommendation: Update vendor's patch.
A pretty much useless description.
No CVE or NIST number to check this out.
So there is no way to tell.
Open a support incident and COMPLAIN about the useless IPS info here.
If there is no way to tell that this is a positive or false positive, why bother having it in the IPS database??????????????????????