Operational Defect Database

BugZero found this defect 237 days ago.

WatchGuard Technologies | kA16S000000bydhSAA

IPS signatures 1139797 and 1132092 block HTTP port 80 traffic after upgrade to v12.5.12

Last update date:

10/17/2023

Affected products:

Firebox M200

Firebox M300

Firebox M270

Firebox M370

Firebox M470

Firebox M570

Firebox M670

Firebox M290

Firebox M390

Firebox M400

Firebox M500

Firebox M440

Affected releases:

All

Fireware

12.x

12.5.x

Fixed releases:

v18.285

Description:

Issue

As of Fireware v12.5.12, Application Control and Intrusion Prevention Service use an updated engine and signature set. After you upgrade to Fireware v12.5.12, IPS signature rules 1139797 and 1132092 might block some HTTP traffic.

1139797 Buffer Overflow High WEB HTTP Invalid Content-Length -2 - A buffer overflow exists in several products.

1132092 Buffer Overflow Critical FILE Invalid XML Version -2 - A buffer overflow vulnerability was found in multiple products, caused by improper bounds checking of the version and encoding attributes inside the XML declaration.

Workaround/Solution

Temporarily add IPS signature exceptions to allow port 80 traffic through the Firebox. We will update this article after the issue is resolved.

Status

Resolved
