Repeat BROWSER-IE Microsoft Edge CStyleSheet keyframes out of bounds read attemp
-
I get repeated "BROWSER-IE Microsoft Edge CStyleSheet keyframes out of bounds read attempt" from a particular server: a23-3-67-49.deploy.static.akamaitechnologies.com .
Is this a false alarm, or is this server dispensing attacks? If the latter, how do I get it stopped? How do I find out who's renting it?
I'm afraid I'm rather a novice in all this, so please keep the answers simple!
-
Hi.
https://www.snort.org/rule_docs/1-38484
BROWSER-IE Microsoft Edge CStyleSheet keyframes out of bounds read attempt
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0155 and CVE-2016-0156.
If you trust in a23-3-67-49.deploy.static.akamaitechnologies.com host, add it to the snort pass list
Regards
-
Hi again.
Other task: Check ipblacklist for: 23.3.67.49
http://whatismyipaddress.com/blacklist-check
Regards. -
Thanks for the info, in particular it's not blacklisted.
However, curiously, I get this snort alert when I view the UK BBC Weather pages on a tablet, but not when I use a desktop (linux) with Chrome on both, but I suppose the stylesheets give different content.
I presume akamai are serving the bbc content. Checking the domains on the desktop says akamai are doing that. Is it possible that some akamai server is compromised? I suspect it's more likely a false positive. But nobody lists any.
smoker
-
Hi.
I do not know if tthis akamai server is compromised. But you can submit the "false positive" (or bug) to Snort if you have a registred user in community::
https://www.snort.org/community#submit_bugRegards.