Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

User Access Logs - weird entries

_Legacy_
New Contributor
‎12-04-2020 02:13:AM
‎12-04-2020 02:13:AM

User Access Logs - weird entries

MAG SM360 on PCS 8.1:

 

Obviously all of the PCS 8.x versions are EOL now, but the user cannot upgrade to 9.x as the MAG SM360 cannot run this software.

 

Logs show the following,

 

[127.0.0.1] System()[] - InvalidUrl: /dana-na/  ..  /dana/html5acc/guacamole/ .. ..  etc/passwd?/dana/html5acc/guacamole/

 

We thought maybe they are from someone Penetrating Testing/Vulnerability Scanning, but they come from the localhost address and various IP Addresses which are from legitimate partners they work with.


Found this PRS but don't think it's related and checking through the documentation cannot see it being listed as fixed.

 

Known Issue: PRS-329563 invalid URL via core access.

 

Any ideas why this is happening and if it can be stopped?

 

(admin: removed repeating directory traversal)

 

0 Kudos
2 REPLIES 2
kita
Regular Contributor
‎12-04-2020 09:18:AM
‎12-04-2020 09:18:AM

Re: User Access Logs - weird entries

What version of 8.1RX are you running. In general, I would advise upgrade to the latest patch version as previous versions of 8.1RX are vulnerable to the following security issue.

0 Kudos
zanyterp
Moderator
Moderator
‎01-23-2021 02:51:AM
‎01-23-2021 02:51:AM

Re: User Access Logs - weird entries

in addition to what kita mentioned, this is not supported on 8.1
do you have other devices on newer software that use the same hostname?
0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.