Netgate Discussion Forum

    Repeat BROWSER-IE Microsoft Edge CStyleSheet keyframes out of bounds read attempt

    IDS/IPS
    5 Posts 2 Posters 1.1k Views
      smoker

      I get repeated "BROWSER-IE Microsoft Edge CStyleSheet keyframes out of bounds read attempt" from a particular server: a23-3-67-49.deploy.static.akamaitechnologies.com.

      Is this a false alarm, or is this server dispensing attacks? If the latter, how do I get it stopped? How do I find out who's renting it?

      I'm afraid I'm rather a novice in all this, so please keep the answers simple!

        javcasta

        Hi.

        https://www.snort.org/rule_docs/1-38484

        BROWSER-IE Microsoft Edge CStyleSheet keyframes out of bounds read attempt

        Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0155 and CVE-2016-0156.

        If you trust the host a23-3-67-49.deploy.static.akamaitechnologies.com, add it to the Snort pass list.

        Regards

        Javier Castañón
        Communications, support and systems technician.

        My website: https://javcasta.com/

        Scripting/pfSense support: https://javcasta.com/soporte/

          javcasta

          Hi again.

          Another task: check the IP blacklist for 23.3.67.49:
          http://whatismyipaddress.com/blacklist-check
          Regards.

          Javier Castañón

            smoker

            Thanks for the info, in particular it's not blacklisted.

            However, curiously, I get this Snort alert when I view the UK BBC Weather pages on a tablet, but not when I use a desktop (Linux), with Chrome on both, but I suppose the stylesheets give different content.

            I presume Akamai are serving the BBC content. Checking the domains on the desktop says Akamai are doing that. Is it possible that some Akamai server is compromised? I suspect it's more likely a false positive. But nobody lists any.

            smoker

              javcasta

              Hi.

              I do not know if this Akamai server is compromised. But you can submit the "false positive" (or bug) to Snort if you have a registered user in the community:
              https://www.snort.org/community#submit_bug

              Regards.

              Javier Castañón
