Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
gnussbaum
New Contributor

HTTP.Server.Authorization.Buffer.Overflow question

Hi,

 

We are getting the following alert on out FG50E:

 

 

The following intrusion was observed: "HTTP.Server.Authorization.Buffer.Overflow".
date=2023-03-21 time=08:30:46 devname=Fortigate_FG50E devid=FGT50E3U17032297 logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" eventtime=1679401846773064861 tz="-0400" severity="critical" srcip=10.1.1.216 srccountry="Reserved" dstip=20.62.128.25 srcintf="lan" srcintfrole="lan" dstintf="wan1" dstintfrole="wan" sessionid=121219710 action="dropped" proto=6 service="HTTP" policyid=3 attack="HTTP.Server.Authorization.Buffer.Overflow" srcport=57766 dstport=443 url="/artifactory/api/system/ping" direction="outgoing" attackid=12351 profile="default" ref="http://www.fortinet.com/ids/VID12351" incidentserialno=1166735929 msg="web_server: HTTP.Server.Authorization.Buffer.Overflow," crscore=50 craction=4096 crlevel="critical"

 

The user in question is getting this using Microsoft's Power Apps.  It looks to be benign.  The destination is a Microsoft site.  

 

Is there a way to whitelist this?  I'm fairly new to Fortinet/Fortigate.Also, please let me know if more info is needed.

1 Solution
Sachin_Alex_Cherian_

Hi,

The log event is related to an IPS event: 

type="utm" subtype="ips" eventtype="signature"

If you are sure this signature needs to be allowed or whitelisted, you may follow the below document which explains the same:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Exempting-Allow-one-single-IPS-signature-f...

Regards,
Sachin.

View solution in original post

1 REPLY 1
Sachin_Alex_Cherian_

Hi,

The log event is related to an IPS event: 

type="utm" subtype="ips" eventtype="signature"

If you are sure this signature needs to be allowed or whitelisted, you may follow the below document which explains the same:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Exempting-Allow-one-single-IPS-signature-f...

Regards,
Sachin.
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors